Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.

This commit is contained in:
Antoine Pitrou 2012-01-27 09:48:47 +01:00
parent 889bb2969d
commit f2bf8a6ac5
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Misc/NEWS
View File

@ -13,6 +13,9 @@ Core and Builtins
Library
-------
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
- Issue #11603: Fix a crash when __str__ is rebound as __repr__. Patch by
Andreas Stührk.

3
Modules/_ssl.c
View File

@ -365,7 +365,8 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
}
/* ssl compatibility */
SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
SSL_CTX_set_options(self->ctx,
SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
verification_mode = SSL_VERIFY_NONE;
if (certreq == PY_SSL_CERT_OPTIONAL)