From 54e768a6dbe3cadeb456dea37bbeaf6e1e17e87c Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Thu, 9 Jan 2020 10:47:27 +0100 Subject: [PATCH] CVE-2019-11324 Certification mishandle when error should be thrown --- util/ssl_.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/ssl_.py b/util/ssl_.py index 32fd9ed..f9f12ff 100644 --- a/util/ssl_.py +++ b/util/ssl_.py @@ -319,7 +319,7 @@ def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None, if e.errno == errno.ENOENT: raise SSLError(e) raise - elif getattr(context, 'load_default_certs', None) is not None: + elif ssl_context is None and hasattr(context, 'load_default_certs'): # try to load OS default certs; works well on Windows (require Python3.4+) context.load_default_certs() -- 2.24.1