Message 232527 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	alex, benjamin.peterson, christian.heimes, doko, dstufft, giampaolo.rodola, janssen, kroeckx, ned.deily, pitrou, python-dev, vstinner
Date	2014-12-12.11:31:40
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1418383900.7.0.802906239842.issue22935@psf.upfronthosting.co.za>
In-reply-to

Content
> The changes for 3.4 are incomplete Ok, I fixed most obvious issues. There is a major severe issue in Lib/ssl.py: def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ... This line fails if PROTOCOL_SSLv3 name does not exist. I propose to use PROTOCOL_SSLv23 by default if PROTOCOL_SSLv3 does not exist, as done in Python 3.5. See attached patch. A better option (more secure?) is to use PROTOCOL_SSLv23 by default. What do you think? I prefer to switch to PROTOCOL_SSLv23 by default in Python 3.4.

> The changes for 3.4 are incomplete

Ok, I fixed most obvious issues. There is a major severe issue in Lib/ssl.py:

    def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
        ...


This line fails if PROTOCOL_SSLv3 name does not exist. I propose to use PROTOCOL_SSLv23 by default if PROTOCOL_SSLv3 does not exist, as done in Python 3.5. See attached patch.

A better option (more secure?) is to use PROTOCOL_SSLv23 by default.

What do you think? I prefer to switch to PROTOCOL_SSLv23 by default in Python 3.4.

History
Date	User	Action	Args
2014-12-12 11:31:40	vstinner	set	recipients: + vstinner, doko, janssen, pitrou, giampaolo.rodola, christian.heimes, benjamin.peterson, ned.deily, alex, python-dev, dstufft, kroeckx
2014-12-12 11:31:40	vstinner	set	messageid: <1418383900.7.0.802906239842.issue22935@psf.upfronthosting.co.za>
2014-12-12 11:31:40	vstinner	link	issue22935 messages
2014-12-12 11:31:40	vstinner	create