On Sun, Nov 16, 2014 at 12:31:53PM +0500, Andrey Rahmatullin wrote:
>
> The problems are caused by disabled SSLv3. See also
> https://bugs.launchpad.net/u1db/+bug/1383475
> I was able to build the package with the following patch:
>
> --- u1db-13.10.orig/u1db/tests/test_https.py
> +++ u1db-13.10/u1db/tests/test_https.py
> @@ -26,7 +26,7 @@ def https_server_def():
> 'testing.cert')
> key_file = os.path.join(os.path.dirname(__file__), 'testing-certs',
> 'testing.key')
> - ssl_context = SSL.Context(SSL.SSLv23_METHOD)
> + ssl_context = SSL.Context(SSL.TLSv1_METHOD)
> ssl_context.use_privatekey_file(key_file)
> ssl_context.use_certificate_chain_file(cert_file)
> srv = httpserver.WSGIServerBase(application, host_port,
This is wrong. Using SSLv23 is the correct function to use.
> Index: u1db-13.10/u1db/remote/http_client.py
> ===================================================================
> --- u1db-13.10.orig/u1db/remote/http_client.py
> +++ u1db-13.10/u1db/remote/http_client.py
> @@ -77,7 +77,7 @@ class _VerifiedHTTPSConnection(httplib.H
> # XXX no cert verification implemented elsewhere for now
> cert_opts = {}
> self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
> - ssl_version=ssl.PROTOCOL_SSLv3,
> + ssl_version=ssl.PROTOCOL_TLSv1,
> **cert_opts
> )
> if cert_opts:
Same here, it should have changed to ssl.PROTOCOL_SSLv23
Kurt
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
