diff options
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch b/meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch deleted file mode 100644 index 3c836635a1..0000000000 --- a/meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 73fbd1e646f6bbf202d4418bae80eb9941fbf552 Mon Sep 17 00:00:00 2001 -From: Casey Deccio <casey@deccio.net> -Date: Fri, 8 Jan 2021 12:43:09 -0700 -Subject: [PATCH] Allow verify_cb_* to be called with ok=True - -With https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58 -OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE ---- - tests/test_ssl.py | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/tests/test_ssl.py b/tests/test_ssl.py -index 92b6942..7a3271a 100644 ---- a/tests/test_ssl.py -+++ b/tests/test_ssl.py -@@ -59,8 +59,13 @@ def allocate_srv_port(): - - - def verify_cb_new_function(ok, store): -- assert not ok - err = store.get_error() -+ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of -+ # aborting, this callback is called to retrieve additional error -+ # information. In this case, ok might not be False. -+ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58 -+ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: -+ assert not ok - assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, - m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, - m2.X509_V_ERR_CERT_UNTRUSTED, -@@ -618,7 +623,12 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase): - - def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok): - try: -- self.assertFalse(ok) -+ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of -+ # aborting, this callback is called to retrieve additional error -+ # information. In this case, ok might not be False. -+ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58 -+ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: -+ self.assertFalse(ok) - self.assertIn(err, - [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, - m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, --- -2.29.2 - |