You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 lines
1.2 KiB
36 lines
1.2 KiB
10 years ago
|
From 07d1eb810930fa1de7c89bad817ccca68b9ec7bc Mon Sep 17 00:00:00 2001
|
||
|
|
From: Mike McLean <mikem@redhat.com>
|
||
|
|
Date: Wed, 15 Oct 2014 10:54:31 -0400
|
||
|
|
Subject: [PATCH] use TLSv1.
|
||
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1152823
|
||
|
|
|
||
|
|
---
|
||
|
|
koji/ssl/SSLCommon.py | 4 ++--
|
||
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/koji/ssl/SSLCommon.py b/koji/ssl/SSLCommon.py
|
||
|
|
index 1a3b3d6..014fbf6 100644
|
||
|
|
--- a/koji/ssl/SSLCommon.py
|
||
|
|
+++ b/koji/ssl/SSLCommon.py
|
||
|
|
@@ -37,7 +37,7 @@ def CreateSSLContext(certs):
|
||
|
|
if f and not os.access(f, os.R_OK):
|
||
|
|
raise StandardError, "%s does not exist or is not readable" % f
|
||
|
|
|
||
|
|
- ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only
|
||
|
|
+ ctx = SSL.Context(SSL.TLSv1_METHOD) # TLS v1 only
|
||
|
|
ctx.use_certificate_file(key_and_cert)
|
||
|
|
ctx.use_privatekey_file(key_and_cert)
|
||
|
|
ctx.load_client_ca(ca_cert)
|
||
|
|
@@ -45,7 +45,7 @@ def CreateSSLContext(certs):
|
||
|
|
verify = SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT
|
||
|
|
ctx.set_verify(verify, our_verify)
|
||
|
|
ctx.set_verify_depth(10)
|
||
|
|
- ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1)
|
||
|
|
+ ctx.set_options(SSL.OP_NO_SSLv3 | SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1)
|
||
|
|
return ctx
|
||
|
|
|
||
|
|
|
||
|
|
--
|
||
|
|
2.2.0
|
||
|
|
|