diff options
| author | Ross Burton <ross.burton@intel.com> | 2018-09-13 10:02:31 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-13 10:04:40 +0100 |
| commit | 5679b31bcf34cc3659a84a9181a80295812fb2fe (patch) | |
| tree | af3ec348d51d987c414e9921110a1390c0ea3c2c /meta/recipes-devtools/python/python3 | |
| parent | 90028f3771a594d0cfb9560f463f2d15f052599e (diff) | |
| download | poky-5679b31bcf34cc3659a84a9181a80295812fb2fe.tar.gz | |
python3: fix openssl 1.1.1 changes
Due to human error an older revision of the SSL patch was merged.
(From OE-Core rev: 325af0f4a821971a7aeeca35b10e3558f86029e0)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/python/python3')
| -rw-r--r-- | meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch | 27 |
1 files changed, 10 insertions, 17 deletions
diff --git a/meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch b/meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch index cb744deec8..d48cad7586 100644 --- a/meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch +++ b/meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | From 46c719ec4f79d6830c55ab7f5a03d826eabd0bd5 Mon Sep 17 00:00:00 2001 | 1 | From e950ea68dab006944af194c9910b8f2341d1437d Mon Sep 17 00:00:00 2001 |
| 2 | From: Christian Heimes <christian@python.org> | 2 | From: Christian Heimes <christian@python.org> |
| 3 | Date: Thu, 7 Sep 2017 20:23:52 -0700 | 3 | Date: Thu, 7 Sep 2017 20:23:52 -0700 |
| 4 | Subject: [PATCH 2/4] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 | 4 | Subject: [PATCH] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 |
| 5 | (GH-1363) (#3444) | 5 | (GH-1363) (#3444) |
| 6 | 6 | ||
| 7 | * bpo-29136: Add TLS 1.3 support | 7 | * bpo-29136: Add TLS 1.3 support |
| @@ -25,11 +25,11 @@ Upstream-Status: Backport | |||
| 25 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | 25 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> |
| 26 | --- | 26 | --- |
| 27 | Doc/library/ssl.rst | 21 ++++++++++++++ | 27 | Doc/library/ssl.rst | 21 ++++++++++++++ |
| 28 | Lib/ssl.py | 14 +++++++++ | 28 | Lib/ssl.py | 7 +++++ |
| 29 | Lib/test/test_ssl.py | 29 ++++++++++++++++++- | 29 | Lib/test/test_ssl.py | 29 ++++++++++++++++++- |
| 30 | .../2017-09-04-16-39-49.bpo-29136.vSn1oR.rst | 1 + | 30 | .../2017-09-04-16-39-49.bpo-29136.vSn1oR.rst | 1 + |
| 31 | Modules/_ssl.c | 13 +++++++++ | 31 | Modules/_ssl.c | 13 +++++++++ |
| 32 | 5 files changed, 77 insertions(+), 1 deletion(-) | 32 | 5 files changed, 70 insertions(+), 1 deletion(-) |
| 33 | create mode 100644 Misc/NEWS.d/next/Library/2017-09-04-16-39-49.bpo-29136.vSn1oR.rst | 33 | create mode 100644 Misc/NEWS.d/next/Library/2017-09-04-16-39-49.bpo-29136.vSn1oR.rst |
| 34 | 34 | ||
| 35 | diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst | 35 | diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst |
| @@ -79,25 +79,18 @@ index 14f2d68217..29c5e94cf6 100644 | |||
| 79 | 79 | ||
| 80 | List of supported TLS channel binding types. Strings in this list | 80 | List of supported TLS channel binding types. Strings in this list |
| 81 | diff --git a/Lib/ssl.py b/Lib/ssl.py | 81 | diff --git a/Lib/ssl.py b/Lib/ssl.py |
| 82 | index 4d302a78fa..ac2c0cbaf3 100644 | 82 | index 4d302a78fa..f233e72e1f 100644 |
| 83 | --- a/Lib/ssl.py | 83 | --- a/Lib/ssl.py |
| 84 | +++ b/Lib/ssl.py | 84 | +++ b/Lib/ssl.py |
| 85 | @@ -122,6 +122,14 @@ _import_symbols('OP_') | 85 | @@ -122,6 +122,7 @@ _import_symbols('OP_') |
| 86 | _import_symbols('ALERT_DESCRIPTION_') | 86 | _import_symbols('ALERT_DESCRIPTION_') |
| 87 | _import_symbols('SSL_ERROR_') | 87 | _import_symbols('SSL_ERROR_') |
| 88 | _import_symbols('VERIFY_') | 88 | _import_symbols('VERIFY_') |
| 89 | +from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN, HAS_TLSv1_3 | 89 | +from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN, HAS_TLSv1_3 |
| 90 | +from _ssl import _OPENSSL_API_VERSION | ||
| 91 | + | ||
| 92 | + | ||
| 93 | +_IntEnum._convert( | ||
| 94 | + '_SSLMethod', __name__, | ||
| 95 | + lambda name: name.startswith('PROTOCOL_') and name != 'PROTOCOL_SSLv23', | ||
| 96 | + source=_ssl) | ||
| 97 | 90 | ||
| 98 | from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN | 91 | from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN |
| 99 | 92 | ||
| 100 | @@ -162,6 +170,7 @@ else: | 93 | @@ -162,6 +163,7 @@ else: |
| 101 | # (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL') | 94 | # (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL') |
| 102 | # Enable a better set of ciphers by default | 95 | # Enable a better set of ciphers by default |
| 103 | # This list has been explicitly chosen to: | 96 | # This list has been explicitly chosen to: |
| @@ -105,7 +98,7 @@ index 4d302a78fa..ac2c0cbaf3 100644 | |||
| 105 | # * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) | 98 | # * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) |
| 106 | # * Prefer ECDHE over DHE for better performance | 99 | # * Prefer ECDHE over DHE for better performance |
| 107 | # * Prefer AEAD over CBC for better performance and security | 100 | # * Prefer AEAD over CBC for better performance and security |
| 108 | @@ -173,6 +182,8 @@ else: | 101 | @@ -173,6 +175,8 @@ else: |
| 109 | # * Disable NULL authentication, NULL encryption, 3DES and MD5 MACs | 102 | # * Disable NULL authentication, NULL encryption, 3DES and MD5 MACs |
| 110 | # for security reasons | 103 | # for security reasons |
| 111 | _DEFAULT_CIPHERS = ( | 104 | _DEFAULT_CIPHERS = ( |
| @@ -114,7 +107,7 @@ index 4d302a78fa..ac2c0cbaf3 100644 | |||
| 114 | 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:' | 107 | 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:' |
| 115 | 'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:' | 108 | 'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:' |
| 116 | '!aNULL:!eNULL:!MD5:!3DES' | 109 | '!aNULL:!eNULL:!MD5:!3DES' |
| 117 | @@ -180,6 +191,7 @@ _DEFAULT_CIPHERS = ( | 110 | @@ -180,6 +184,7 @@ _DEFAULT_CIPHERS = ( |
| 118 | 111 | ||
| 119 | # Restricted and more secure ciphers for the server side | 112 | # Restricted and more secure ciphers for the server side |
| 120 | # This list has been explicitly chosen to: | 113 | # This list has been explicitly chosen to: |
| @@ -122,7 +115,7 @@ index 4d302a78fa..ac2c0cbaf3 100644 | |||
| 122 | # * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) | 115 | # * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) |
| 123 | # * Prefer ECDHE over DHE for better performance | 116 | # * Prefer ECDHE over DHE for better performance |
| 124 | # * Prefer AEAD over CBC for better performance and security | 117 | # * Prefer AEAD over CBC for better performance and security |
| 125 | @@ -190,6 +202,8 @@ _DEFAULT_CIPHERS = ( | 118 | @@ -190,6 +195,8 @@ _DEFAULT_CIPHERS = ( |
| 126 | # * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, RC4, and | 119 | # * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, RC4, and |
| 127 | # 3DES for security reasons | 120 | # 3DES for security reasons |
| 128 | _RESTRICTED_SERVER_CIPHERS = ( | 121 | _RESTRICTED_SERVER_CIPHERS = ( |