Fix how OpenSSL context is created to make it possible to push over https again.

Submitted by:	maintainer
Approved by:	maintainer
Sponsored by:	Absolight
Mathieu Arnold 2015-02-05 09:01:46 +00:00
parent 12a1f8e664
commit 29d6569639
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=378448
2 changed files with 19 additions and 0 deletions


@ -3,6 +3,7 @@
PORTNAME= mercurial
PORTVERSION= 3.3
PORTREVISION= 1
CATEGORIES= devel python
MASTER_SITES= http://mercurial.selenic.com/release/


@ -0,0 +1,18 @@
Change condition in order to prevent SSLv2 and SSLv3 protocols.
Taken from ${PYTHON_LIBDIR}/ssl.py file (found in 'create_default_context'
function).
--- mercurial/sslutil.py.orig 2015-02-02 02:20:50 UTC
+++ mercurial/sslutil.py
@@ -29,7 +29,10 @@ try:
# maintainers for us, but that breaks too many things to
# do it in a hurry.
sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
- sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3
+ # SSLv2 is considered harmful
+ sslcontext.options |= ssl.OP_NO_SSLv2
+ # SSLv3 has problematic security issue
+ sslcontext.options |= ssl.OP_NO_SSLv3
if certfile is not None:
sslcontext.load_cert_chain(certfile, keyfile)
sslcontext.verify_mode = cert_reqs
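Review bot: The patch header says the condition is taken from `create_default_context`, but only the two protocol flags are copied into the new `|=` lines. As far as I recall, that function also disables TLS compression, so consider adding `sslcontext.options |= getattr(ssl, "OP_NO_COMPRESSION", 0)` after the SSLv3 line. The new comments also do not say why the removed `&=` line was wrong: the two flags appear to be distinct bits, so their AND is 0 and the old statement cleared every option instead of setting these two. A comment such as `# OR the flags in; AND-ing them yields 0 and clears all options` would keep the mistake from being reintroduced. The enclosing `try:` block starts and ends outside this hunk, so how `cert_reqs` and hostname checking are handled cannot be judged from here.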