Date: Thu, 5 Feb 2015 09:01:47 +0000 (UTC) From: Mathieu Arnold <mat@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r378448 - in head/devel/mercurial: . files Message-ID: <201502050901.t1591l2f098937@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mat Date: Thu Feb 5 09:01:46 2015 New Revision: 378448 URL: https://svnweb.freebsd.org/changeset/ports/378448 QAT: https://qat.redports.org/buildarchive/r378448/ Log: Fix how OpenSSL context is created to make it possible to push over https again. Submitted by: maintainer Approved by: maintainer Sponsored by: Absolight Added: head/devel/mercurial/files/patch-mercurial_sslutil.py (contents, props changed) Modified: head/devel/mercurial/Makefile Modified: head/devel/mercurial/Makefile ============================================================================== --- head/devel/mercurial/Makefile Thu Feb 5 08:57:04 2015 (r378447) +++ head/devel/mercurial/Makefile Thu Feb 5 09:01:46 2015 (r378448) @@ -3,6 +3,7 @@ PORTNAME= mercurial PORTVERSION= 3.3 +PORTREVISION= 1 CATEGORIES= devel python MASTER_SITES= http://mercurial.selenic.com/release/ Added: head/devel/mercurial/files/patch-mercurial_sslutil.py ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/devel/mercurial/files/patch-mercurial_sslutil.py Thu Feb 5 09:01:46 2015 (r378448) @@ -0,0 +1,18 @@ +Change condition in order to prevent SSLv2 and SSLv3 protocols. +Taken from ${PYTHON_LIBDIR}/ssl.py file (found in 'create_default_context' +function). + +--- mercurial/sslutil.py.orig 2015-02-02 02:20:50 UTC ++++ mercurial/sslutil.py +@@ -29,7 +29,10 @@ try: + # maintainers for us, but that breaks too many things to + # do it in a hurry. + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) +- sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3 ++ # SSLv2 is considered harmful ++ sslcontext.options |= ssl.OP_NO_SSLv2 ++ # SSLv3 has problematic security issue ++ sslcontext.options |= ssl.OP_NO_SSLv3 + if certfile is not None: + sslcontext.load_cert_chain(certfile, keyfile) + sslcontext.verify_mode = cert_reqs
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502050901.t1591l2f098937>