Reapply check that SSLv3 is available before use that is listed in hacks.txt to new lib.

This fixes an issue in the urllib3/PyOpenSSL contrib in requests lib that assumes ssl.protocol_sslv3 is always defined. Many systems have disabled this protocol in light of recent security issues.
This commit is contained in:
JackDandy 2014-11-20 02:08:17 +00:00
parent 556e92a730
commit d03f198e13

View file

@ -68,11 +68,18 @@ __all__ = ['inject_into_urllib3', 'extract_from_urllib3']
HAS_SNI = SUBJ_ALT_NAME_SUPPORT HAS_SNI = SUBJ_ALT_NAME_SUPPORT
# Map from urllib3 to PyOpenSSL compatible parameter-values. # Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = { try:
ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD, _openssl_versions = {
ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD, ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD, ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
} ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}
except AttributeError:
_openssl_versions = {
ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}
_openssl_verify = { _openssl_verify = {
ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE, ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER, ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,