mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-30 04:15:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.

Browse source
This commit is contained in:
Antoine Pitrou 2012-01-27 09:42:45 +01:00
parent 141e770e8f
commit d358e0554b
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Misc/NEWS
View file

@ -13,6 +13,9 @@ Core and Builtins
Library Library
------- -------
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
What's New in Python 2.6.7? What's New in Python 2.6.7?
=========================== ===========================

3
Modules/_ssl.c
View file

@ -357,7 +357,8 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
} }
/* ssl compatibility */ /* ssl compatibility */
SSL_CTX_set_options(self->ctx, SSL_OP_ALL); SSL_CTX_set_options(self->ctx,
SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
verification_mode = SSL_VERIFY_NONE; verification_mode = SSL_VERIFY_NONE;
if (certreq == PY_SSL_CERT_OPTIONAL) if (certreq == PY_SSL_CERT_OPTIONAL)