[Python-modules-commits] r32759 - in packages/python-eventlet/trunk/debian (3 files)

zigo at users.alioth.debian.org zigo at users.alioth.debian.org
Thu May 21 17:21:50 UTC 2015 

    Date: Thursday, May 21, 2015 @ 17:21:49
  Author: zigo
Revision: 32759

Enforce default protocol to be TLSv1 and not SSLv23.

Added:
  packages/python-eventlet/trunk/debian/patches/set-defaults-to-be-tlsv1-not-sslv23.patch
Modified:
  packages/python-eventlet/trunk/debian/changelog
  packages/python-eventlet/trunk/debian/patches/series

Modified: packages/python-eventlet/trunk/debian/changelog
===================================================================
--- packages/python-eventlet/trunk/debian/changelog	2015-05-21 17:13:59 UTC (rev 32758)
+++ packages/python-eventlet/trunk/debian/changelog	2015-05-21 17:21:49 UTC (rev 32759)
@@ -1,3 +1,9 @@
+python-eventlet (0.17.3-4) unstable; urgency=medium
+
+  * Enforce default protocol to be TLSv1 and not SSLv23.
+
+ -- Thomas Goirand <zigo at debian.org>  Thu, 21 May 2015 17:20:12 +0000
+
 python-eventlet (0.17.3-3) unstable; urgency=medium
 
   * Enforce TLSv1 always, instead of the more permissive SSLv23.

Modified: packages/python-eventlet/trunk/debian/patches/series
===================================================================
--- packages/python-eventlet/trunk/debian/patches/series	2015-05-21 17:13:59 UTC (rev 32758)
+++ packages/python-eventlet/trunk/debian/patches/series	2015-05-21 17:21:49 UTC (rev 32759)
@@ -2,3 +2,4 @@
 fix-FTBFS-on-sphinx-build.patch
 use-packaged-python-mock-rather-than-embedded.patch
 enforce-tlsv1-always.patch
+set-defaults-to-be-tlsv1-not-sslv23.patch

Added: packages/python-eventlet/trunk/debian/patches/set-defaults-to-be-tlsv1-not-sslv23.patch
===================================================================
--- packages/python-eventlet/trunk/debian/patches/set-defaults-to-be-tlsv1-not-sslv23.patch	                        (rev 0)
+++ packages/python-eventlet/trunk/debian/patches/set-defaults-to-be-tlsv1-not-sslv23.patch	2015-05-21 17:21:49 UTC (rev 32759)
@@ -0,0 +1,17 @@
+Description: Do not use SSLv23 by default, but TLSv1
+ Default protocol should really be TLSv1 and not SSLv23.
+Author: Thomas Goirand <zigo at debian.org>
+Forwarded: no
+Last-Update: 2015-05-21
+
+--- python-eventlet-0.17.3.orig/eventlet/green/ssl.py
++++ python-eventlet-0.17.3/eventlet/green/ssl.py
+@@ -46,7 +46,7 @@ class GreenSSLSocket(_original_sslsocket
+ 
+     def __init__(self, sock, keyfile=None, certfile=None,
+                  server_side=False, cert_reqs=CERT_NONE,
+-                 ssl_version=PROTOCOL_SSLv23, ca_certs=None,
++                 ssl_version=PROTOCOL_TLSv1, ca_certs=None,
+                  do_handshake_on_connect=True, *args, **kw):
+         if not isinstance(sock, GreenSocket):
+             sock = GreenSocket(sock)

More information about the Python-modules-commits mailing list