diff options
| author |   Patrick McLean <patrick.mclean@sony.com> | 2020-05-12 19:52:04 -0700 |
|---|---|---|
| committer |   Patrick McLean <chutzpah@gentoo.org> | 2020-05-12 19:52:04 -0700 |
| commit | 82b7575af725c12d4d54dd067ef1caf41d53a636 (patch) | |
| tree | f70a18beb2ed3023ec6addd4bc765913fb62febf /dev-python/boto | |
| parent | dev-python/llfuse-1.3.6: bump, EAPI=7, py38 (diff) | |
| download | gentoo-82b7575af725c12d4d54dd067ef1caf41d53a636.tar.gz gentoo-82b7575af725c12d4d54dd067ef1caf41d53a636.tar.bz2 gentoo-82b7575af725c12d4d54dd067ef1caf41d53a636.zip | |
dev-python/boto-2.49.0-r2: revbump, add patch for py38
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Patrick McLean <chutzpah@gentoo.org>
Diffstat (limited to 'dev-python/boto')
| -rw-r--r-- | dev-python/boto/boto-2.49.0-r2.ebuild (renamed from dev-python/boto/boto-2.49.0-r1.ebuild) | 5 | ||||
| -rw-r--r-- | dev-python/boto/files/boto-try-to-add-SNI-support-v2.patch | 93 |
2 files changed, 98 insertions, 0 deletions
diff --git a/dev-python/boto/boto-2.49.0-r1.ebuild b/dev-python/boto/boto-2.49.0-r2.ebuild index 7bc0f11b0faf..4cb94d5afa65 100644 --- a/dev-python/boto/boto-2.49.0-r1.ebuild +++ b/dev-python/boto/boto-2.49.0-r2.ebuild @@ -24,6 +24,11 @@ RESTRICT="!test? ( test )" # requires Amazon Web Services keys to pass some tests RESTRICT+=" test" +PATCHES=( + # taken from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909545 + "${FILESDIR}/boto-try-to-add-SNI-support-v2.patch" +) + python_test() { "${PYTHON}" tests/test.py -v || die "Tests fail with ${EPYTHON}" } diff --git a/dev-python/boto/files/boto-try-to-add-SNI-support-v2.patch b/dev-python/boto/files/boto-try-to-add-SNI-support-v2.patch new file mode 100644 index 000000000000..76ae2cd3964b --- /dev/null +++ b/dev-python/boto/files/boto-try-to-add-SNI-support-v2.patch @@ -0,0 +1,93 @@ +From f5e7f6c98b46ff622f60a4661ffc9ce07216d109 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> +Date: Sat, 29 Sep 2018 21:47:11 +0200 +Subject: [PATCH] boto: try to add SNI support + +Add SNI support. Newer OpenSSL (with TLS1.3) fail to connect if the +hostname is missing. + +Link: https://bugs.debian.org/bug=909545 +Tested-by: Witold Baryluk <witold.baryluk@gmail.com> +Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> +--- + boto/connection.py | 19 ++++++++++--------- + boto/https_connection.py | 22 +++++++++++----------- + 2 files changed, 21 insertions(+), 20 deletions(-) + +diff --git a/boto/connection.py b/boto/connection.py +index 34b428f101df7..b4867a7657465 100644 +--- a/boto/connection.py ++++ b/boto/connection.py +@@ -824,23 +824,24 @@ DEFAULT_CA_CERTS_FILE = os.path.join(os.path.dirname(os.path.abspath(boto.cacert + h = http_client.HTTPConnection(host) + + if self.https_validate_certificates and HAVE_HTTPS_CONNECTION: ++ context = ssl.create_default_context() ++ context.verify_mode = ssl.CERT_REQUIRED ++ context.check_hostname = True ++ + msg = "wrapping ssl socket for proxied connection; " + if self.ca_certificates_file: + msg += "CA certificate file=%s" % self.ca_certificates_file ++ context.load_verify_locations(cafile=self.ca_certificates_file) + else: + msg += "using system provided SSL certs" ++ context.load_default_certs() + boto.log.debug(msg) + key_file = self.http_connection_kwargs.get('key_file', None) + cert_file = self.http_connection_kwargs.get('cert_file', None) +- sslSock = ssl.wrap_socket(sock, keyfile=key_file, +- certfile=cert_file, +- cert_reqs=ssl.CERT_REQUIRED, +- ca_certs=self.ca_certificates_file) +- cert = sslSock.getpeercert() +- hostname = self.host.split(':', 0)[0] +- if not https_connection.ValidateCertificateHostname(cert, hostname): +- raise https_connection.InvalidCertificateException( +- hostname, cert, 'hostname mismatch') ++ if key_file: ++ context.load_cert_chain(certfile=cert_file, keyfile=key_file) ++ ++ sslSock = context.wrap_socket(sock, server_hostname=host) + else: + # Fallback for old Python without ssl.wrap_socket + if hasattr(http_client, 'ssl'): +diff --git a/boto/https_connection.py b/boto/https_connection.py +index ddc31a152292e..a5076f6f9b261 100644 +--- a/boto/https_connection.py ++++ b/boto/https_connection.py +@@ -119,20 +119,20 @@ from boto.compat import six, http_client + sock = socket.create_connection((self.host, self.port), self.timeout) + else: + sock = socket.create_connection((self.host, self.port)) ++ ++ context = ssl.create_default_context() ++ context.verify_mode = ssl.CERT_REQUIRED ++ context.check_hostname = True ++ if self.key_file: ++ context.load_cert_chain(certfile=self.cert_file, keyfile=self.key_file) ++ + msg = "wrapping ssl socket; " + if self.ca_certs: + msg += "CA certificate file=%s" % self.ca_certs ++ context.load_verify_locations(cafile=self.ca_certs) + else: + msg += "using system provided SSL certs" ++ context.load_default_certs() + boto.log.debug(msg) +- self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, +- certfile=self.cert_file, +- cert_reqs=ssl.CERT_REQUIRED, +- ca_certs=self.ca_certs) +- cert = self.sock.getpeercert() +- hostname = self.host.split(':', 0)[0] +- if not ValidateCertificateHostname(cert, hostname): +- raise InvalidCertificateException(hostname, +- cert, +- 'remote hostname "%s" does not match ' +- 'certificate' % hostname) ++ ++ self.sock = context.wrap_socket(sock, server_hostname=self.host) +-- +2.19.0 + |