Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
M
m2crypto
Manage
Activity
Members
Labels
Plan
Wiki
Code
Merge requests
0
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container Registry
Model registry
Operate
Environments
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Debian Python Team
packages
m2crypto
Commits
e0e9ad5c
Commit
e0e9ad5c
authored
4 years ago
by
Sandro Tosi
Browse files
Options
Downloads
Patches
Plain Diff
fix compatibility with openssl/1.1.1i+; Closes: #954402
parent
a5005a7a
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
debian/changelog
+3
-1
3 additions, 1 deletion
debian/changelog
debian/patches/MR261.patch
+47
-0
47 additions, 0 deletions
debian/patches/MR261.patch
debian/patches/series
+1
-0
1 addition, 0 deletions
debian/patches/series
with
51 additions
and
1 deletion
debian/changelog
+
3
−
1
View file @
e0e9ad5c
...
...
@@ -14,8 +14,10 @@ m2crypto (0.37.1-1) UNRELEASED; urgency=medium
- add parameterized to b-d, needed by tests
* debian/patches/0001-import-inspect-in-urllib-2.patch
- refresh patch
* debian/patches/MR261.patch
- fix compatibility with openssl/1.1.1i+; Closes: #954402
-- Sandro Tosi <morph@debian.org> T
hu, 07
Jan 2021 0
2
:42:
5
3 -0500
-- Sandro Tosi <morph@debian.org> T
ue, 12
Jan 2021 0
0
:42:3
5
-0500
m2crypto (0.36.0-1) unstable; urgency=medium
...
...
This diff is collapsed.
Click to expand it.
debian/patches/MR261.patch
0 → 100644
+
47
−
0
View file @
e0e9ad5c
From 73fbd1e646f6bbf202d4418bae80eb9941fbf552 Mon Sep 17 00:00:00 2001
From: Casey Deccio <casey@deccio.net>
Date: Fri, 8 Jan 2021 12:43:09 -0700
Subject: [PATCH] Allow verify_cb_* to be called with ok=True
With https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE
---
tests/test_ssl.py | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 92b6942c..7a3271aa 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -59,8 +59,13 @@
def allocate_srv_port():
def verify_cb_new_function(ok, store):
- assert not ok
err = store.get_error()
+ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
+ # aborting, this callback is called to retrieve additional error
+ # information. In this case, ok might not be False.
+ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ assert not ok
assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
m2.X509_V_ERR_CERT_UNTRUSTED,
@@ -618,7 +623,12 @@
class MiscSSLClientTestCase(BaseSSLClientTestCase):
def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
try:
- self.assertFalse(ok)
+ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
+ # aborting, this callback is called to retrieve additional error
+ # information. In this case, ok might not be False.
+ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ self.assertFalse(ok)
self.assertIn(err,
[m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
--
GitLab
This diff is collapsed.
Click to expand it.
debian/patches/series
+
1
−
0
View file @
e0e9ad5c
0001-import-inspect-in-urllib-2.patch
MR261.patch
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment