27 lines
880 B
Diff
27 lines
880 B
Diff
From 54e768a6dbe3cadeb456dea37bbeaf6e1e17e87c Mon Sep 17 00:00:00 2001
|
|
From: Lumir Balhar <lbalhar@redhat.com>
|
|
Date: Thu, 9 Jan 2020 10:47:27 +0100
|
|
Subject: [PATCH] CVE-2019-11324 Certification mishandle when error should be
|
|
thrown
|
|
|
|
---
|
|
util/ssl_.py | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/util/ssl_.py b/util/ssl_.py
|
|
index 32fd9ed..f9f12ff 100644
|
|
--- a/util/ssl_.py
|
|
+++ b/util/ssl_.py
|
|
@@ -319,7 +319,7 @@ def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None,
|
|
if e.errno == errno.ENOENT:
|
|
raise SSLError(e)
|
|
raise
|
|
- elif getattr(context, 'load_default_certs', None) is not None:
|
|
+ elif ssl_context is None and hasattr(context, 'load_default_certs'):
|
|
# try to load OS default certs; works well on Windows (require Python3.4+)
|
|
context.load_default_certs()
|
|
|
|
--
|
|
2.24.1
|
|
|