From: Andrew M. Kuchling <amk@amk.ca>
Date: Mon, 12 Jul 2004 13:10:47 +0000 (+0000)
Subject: Patch #909007] Enable a bunch of safe bug workarounds in OpenSSL, for
X-Git-Tag: v2.3.5c1~182
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e03d9af2a21e8ae5b96ce74c94cd09676ee2a425;p=thirdparty%2FPython%2Fcpython.git

Patch #909007] Enable a bunch of safe bug workarounds in OpenSSL, for
compatibility with various broken SSL implementations out there.
---

diff --git a/Misc/NEWS b/Misc/NEWS
index 4ac67d4be5e5..23ddd63e8675 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -37,6 +37,9 @@ Extension modules
 - Bug #954364: inspect.getframeinfo() sometimes produces incorrect traceback
   line numbers
 
+- Patch #909007: Enable a bunch of safe bug workarounds in OpenSSL, for
+  the sake of compatibility with various broken SSL implementations.
+
 Library
 -------
 
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5fcf84ca2e9e..610a1854f319 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -220,6 +220,7 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file)
 	Py_BEGIN_ALLOW_THREADS
 	SSL_CTX_set_verify(self->ctx,
 			   SSL_VERIFY_NONE, NULL); /* set verify lvl */
+	SSL_CTX_set_options(self->ctx, SSL_OP_ALL); /* ssl compatibility */
 	self->ssl = SSL_new(self->ctx); /* New ssl struct */
 	Py_END_ALLOW_THREADS
 	SSL_set_fd(self->ssl, Sock->sock_fd);	/* Set the socket for SSL */