mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-04 00:30:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.

Browse source
This commit is contained in:
Antoine Pitrou 2014-01-09 20:02:20 +01:00
parent 1064a13bb0
commit cd3d7cabef
3 changed files with 12 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Modules/_ssl.c
View file

@ -1737,6 +1737,7 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
char *kwlist[] = {"protocol", NULL};
PySSLContext *self;
int proto_version = PY_SSL_VERSION_SSL23;
long options;
SSL_CTX *ctx = NULL;
if (!PyArg_ParseTupleAndKeywords(
@ -1782,8 +1783,10 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
#endif
/* Defaults */
SSL_CTX_set_verify(self->ctx, SSL_VERIFY_NONE, NULL);
SSL_CTX_set_options(self->ctx,
SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
if (proto_version != PY_SSL_VERSION_SSL2)
options |= SSL_OP_NO_SSLv2;
SSL_CTX_set_options(self->ctx, options);
#define SID_CTX "Python"
SSL_CTX_set_session_id_context(self->ctx, (const unsigned char *) SID_CTX,