diff options
| author | Khem Raj <raj.khem@gmail.com> | 2021-05-01 12:04:27 -0700 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2021-05-03 08:05:21 -0700 |
| commit | b8bbcd4dea422be57123d75fbf77db6d33542b06 (patch) | |
| tree | 17575e74c76687ac01ecdd69aed7a71614941326 /meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch | |
| parent | 57baca4bc1b681482bc014508d28f7def5949c33 (diff) | |
| download | meta-openembedded-b8bbcd4dea422be57123d75fbf77db6d33542b06.tar.gz | |
python3-m2crypto: Upgrade to 0.37.1
Unifiy .inc into .bb
Add patches to fix issues with openssl 1.1.x
Remove m2crypto-0.26.4-gcc_macros patch, its no longer needed
Refresh existing patches
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch b/meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch new file mode 100644 index 0000000000..3c836635a1 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch | |||
| @@ -0,0 +1,47 @@ | |||
| 1 | From 73fbd1e646f6bbf202d4418bae80eb9941fbf552 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Casey Deccio <casey@deccio.net> | ||
| 3 | Date: Fri, 8 Jan 2021 12:43:09 -0700 | ||
| 4 | Subject: [PATCH] Allow verify_cb_* to be called with ok=True | ||
| 5 | |||
| 6 | With https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58 | ||
| 7 | OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE | ||
| 8 | --- | ||
| 9 | tests/test_ssl.py | 14 ++++++++++++-- | ||
| 10 | 1 file changed, 12 insertions(+), 2 deletions(-) | ||
| 11 | |||
| 12 | diff --git a/tests/test_ssl.py b/tests/test_ssl.py | ||
| 13 | index 92b6942..7a3271a 100644 | ||
| 14 | --- a/tests/test_ssl.py | ||
| 15 | +++ b/tests/test_ssl.py | ||
| 16 | @@ -59,8 +59,13 @@ def allocate_srv_port(): | ||
| 17 | |||
| 18 | |||
| 19 | def verify_cb_new_function(ok, store): | ||
| 20 | - assert not ok | ||
| 21 | err = store.get_error() | ||
| 22 | + # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of | ||
| 23 | + # aborting, this callback is called to retrieve additional error | ||
| 24 | + # information. In this case, ok might not be False. | ||
| 25 | + # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58 | ||
| 26 | + if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: | ||
| 27 | + assert not ok | ||
| 28 | assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, | ||
| 29 | m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, | ||
| 30 | m2.X509_V_ERR_CERT_UNTRUSTED, | ||
| 31 | @@ -618,7 +623,12 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase): | ||
| 32 | |||
| 33 | def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok): | ||
| 34 | try: | ||
| 35 | - self.assertFalse(ok) | ||
| 36 | + # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of | ||
| 37 | + # aborting, this callback is called to retrieve additional error | ||
| 38 | + # information. In this case, ok might not be False. | ||
| 39 | + # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58 | ||
| 40 | + if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: | ||
| 41 | + self.assertFalse(ok) | ||
| 42 | self.assertIn(err, | ||
| 43 | [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, | ||
| 44 | m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, | ||
| 45 | -- | ||
| 46 | 2.29.2 | ||
| 47 | |||