summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2018-09-13 10:02:31 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-09-13 10:04:40 +0100
commit5679b31bcf34cc3659a84a9181a80295812fb2fe (patch)
treeaf3ec348d51d987c414e9921110a1390c0ea3c2c /meta/recipes-devtools/python
parent90028f3771a594d0cfb9560f463f2d15f052599e (diff)
downloadpoky-5679b31bcf34cc3659a84a9181a80295812fb2fe.tar.gz
python3: fix openssl 1.1.1 changes
Due to human error an older revision of the SSL patch was merged. (From OE-Core rev: 325af0f4a821971a7aeeca35b10e3558f86029e0) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/python')
-rw-r--r--meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch27
1 files changed, 10 insertions, 17 deletions
diff --git a/meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch b/meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch
index cb744deec8..d48cad7586 100644
--- a/meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch
+++ b/meta/recipes-devtools/python/python3/0002-bpo-29136-Add-TLS-1.3-cipher-suites-and-OP_NO_TLSv1_.patch
@@ -1,7 +1,7 @@
1From 46c719ec4f79d6830c55ab7f5a03d826eabd0bd5 Mon Sep 17 00:00:00 2001 1From e950ea68dab006944af194c9910b8f2341d1437d Mon Sep 17 00:00:00 2001
2From: Christian Heimes <christian@python.org> 2From: Christian Heimes <christian@python.org>
3Date: Thu, 7 Sep 2017 20:23:52 -0700 3Date: Thu, 7 Sep 2017 20:23:52 -0700
4Subject: [PATCH 2/4] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 4Subject: [PATCH] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3
5 (GH-1363) (#3444) 5 (GH-1363) (#3444)
6 6
7* bpo-29136: Add TLS 1.3 support 7* bpo-29136: Add TLS 1.3 support
@@ -25,11 +25,11 @@ Upstream-Status: Backport
25Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> 25Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
26--- 26---
27 Doc/library/ssl.rst | 21 ++++++++++++++ 27 Doc/library/ssl.rst | 21 ++++++++++++++
28 Lib/ssl.py | 14 +++++++++ 28 Lib/ssl.py | 7 +++++
29 Lib/test/test_ssl.py | 29 ++++++++++++++++++- 29 Lib/test/test_ssl.py | 29 ++++++++++++++++++-
30 .../2017-09-04-16-39-49.bpo-29136.vSn1oR.rst | 1 + 30 .../2017-09-04-16-39-49.bpo-29136.vSn1oR.rst | 1 +
31 Modules/_ssl.c | 13 +++++++++ 31 Modules/_ssl.c | 13 +++++++++
32 5 files changed, 77 insertions(+), 1 deletion(-) 32 5 files changed, 70 insertions(+), 1 deletion(-)
33 create mode 100644 Misc/NEWS.d/next/Library/2017-09-04-16-39-49.bpo-29136.vSn1oR.rst 33 create mode 100644 Misc/NEWS.d/next/Library/2017-09-04-16-39-49.bpo-29136.vSn1oR.rst
34 34
35diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst 35diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
@@ -79,25 +79,18 @@ index 14f2d68217..29c5e94cf6 100644
79 79
80 List of supported TLS channel binding types. Strings in this list 80 List of supported TLS channel binding types. Strings in this list
81diff --git a/Lib/ssl.py b/Lib/ssl.py 81diff --git a/Lib/ssl.py b/Lib/ssl.py
82index 4d302a78fa..ac2c0cbaf3 100644 82index 4d302a78fa..f233e72e1f 100644
83--- a/Lib/ssl.py 83--- a/Lib/ssl.py
84+++ b/Lib/ssl.py 84+++ b/Lib/ssl.py
85@@ -122,6 +122,14 @@ _import_symbols('OP_') 85@@ -122,6 +122,7 @@ _import_symbols('OP_')
86 _import_symbols('ALERT_DESCRIPTION_') 86 _import_symbols('ALERT_DESCRIPTION_')
87 _import_symbols('SSL_ERROR_') 87 _import_symbols('SSL_ERROR_')
88 _import_symbols('VERIFY_') 88 _import_symbols('VERIFY_')
89+from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN, HAS_TLSv1_3 89+from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN, HAS_TLSv1_3
90+from _ssl import _OPENSSL_API_VERSION
91+
92+
93+_IntEnum._convert(
94+ '_SSLMethod', __name__,
95+ lambda name: name.startswith('PROTOCOL_') and name != 'PROTOCOL_SSLv23',
96+ source=_ssl)
97 90
98 from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN 91 from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN
99 92
100@@ -162,6 +170,7 @@ else: 93@@ -162,6 +163,7 @@ else:
101 # (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL') 94 # (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL')
102 # Enable a better set of ciphers by default 95 # Enable a better set of ciphers by default
103 # This list has been explicitly chosen to: 96 # This list has been explicitly chosen to:
@@ -105,7 +98,7 @@ index 4d302a78fa..ac2c0cbaf3 100644
105 # * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) 98 # * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
106 # * Prefer ECDHE over DHE for better performance 99 # * Prefer ECDHE over DHE for better performance
107 # * Prefer AEAD over CBC for better performance and security 100 # * Prefer AEAD over CBC for better performance and security
108@@ -173,6 +182,8 @@ else: 101@@ -173,6 +175,8 @@ else:
109 # * Disable NULL authentication, NULL encryption, 3DES and MD5 MACs 102 # * Disable NULL authentication, NULL encryption, 3DES and MD5 MACs
110 # for security reasons 103 # for security reasons
111 _DEFAULT_CIPHERS = ( 104 _DEFAULT_CIPHERS = (
@@ -114,7 +107,7 @@ index 4d302a78fa..ac2c0cbaf3 100644
114 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:' 107 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
115 'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:' 108 'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
116 '!aNULL:!eNULL:!MD5:!3DES' 109 '!aNULL:!eNULL:!MD5:!3DES'
117@@ -180,6 +191,7 @@ _DEFAULT_CIPHERS = ( 110@@ -180,6 +184,7 @@ _DEFAULT_CIPHERS = (
118 111
119 # Restricted and more secure ciphers for the server side 112 # Restricted and more secure ciphers for the server side
120 # This list has been explicitly chosen to: 113 # This list has been explicitly chosen to:
@@ -122,7 +115,7 @@ index 4d302a78fa..ac2c0cbaf3 100644
122 # * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) 115 # * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
123 # * Prefer ECDHE over DHE for better performance 116 # * Prefer ECDHE over DHE for better performance
124 # * Prefer AEAD over CBC for better performance and security 117 # * Prefer AEAD over CBC for better performance and security
125@@ -190,6 +202,8 @@ _DEFAULT_CIPHERS = ( 118@@ -190,6 +195,8 @@ _DEFAULT_CIPHERS = (
126 # * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, RC4, and 119 # * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, RC4, and
127 # 3DES for security reasons 120 # 3DES for security reasons
128 _RESTRICTED_SERVER_CIPHERS = ( 121 _RESTRICTED_SERVER_CIPHERS = (