Patch #909007] Enable a bunch of safe bug workarounds in OpenSSL, for

author Andrew M. Kuchling <amk@amk.ca>

Mon, 12 Jul 2004 13:10:47 +0000 (13:10 +0000)

committer Andrew M. Kuchling <amk@amk.ca>

Mon, 12 Jul 2004 13:10:47 +0000 (13:10 +0000)
author Andrew M. Kuchling <amk@amk.ca>
Mon, 12 Jul 2004 13:10:47 +0000 (13:10 +0000)
committer Andrew M. Kuchling <amk@amk.ca>
Mon, 12 Jul 2004 13:10:47 +0000 (13:10 +0000)
diff --git a/Misc/NEWS b/Misc/NEWS

index 4ac67d4be5e5ed91e27c4fffaa22d4f5d5070ab1..23ddd63e8675f6c7f0b4e59b9e3257c452455557 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -37,6 +37,9 @@ Extension modules
  - Bug #954364: inspect.getframeinfo() sometimes produces incorrect traceback
    line numbers
  
+- Patch #909007: Enable a bunch of safe bug workarounds in OpenSSL, for
+  the sake of compatibility with various broken SSL implementations.
+
  Library
  -------
  
diff --git a/Modules/_ssl.c b/Modules/_ssl.c

index 5fcf84ca2e9e97d505ae8d8d81a5f18451ced715..610a1854f31963f775543586eed47134046a5d56 100644 (file)
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -220,6 +220,7 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file)
         Py_BEGIN_ALLOW_THREADS
         SSL_CTX_set_verify(self->ctx,
                            SSL_VERIFY_NONE, NULL); /* set verify lvl */
+       SSL_CTX_set_options(self->ctx, SSL_OP_ALL); /* ssl compatibility */
         self->ssl = SSL_new(self->ctx); /* New ssl struct */
         Py_END_ALLOW_THREADS
         SSL_set_fd(self->ssl, Sock->sock_fd);   /* Set the socket for SSL */
author	Andrew M. Kuchling <amk@amk.ca>
	Mon, 12 Jul 2004 13:10:47 +0000 (13:10 +0000)
committer	Andrew M. Kuchling <amk@amk.ca>
	Mon, 12 Jul 2004 13:10:47 +0000 (13:10 +0000)
Misc/NEWS		patch \| blob \| blame \| history
Modules/_ssl.c		patch \| blob \| blame \| history