1 diff -rupN Python-2.6.6_old/Doc/library/ssl.rst Python-2.6.6_new/Doc/library/ssl.rst
2 --- Python-2.6.6_old/Doc/library/ssl.rst 2010-05-16 16:17:51.000000000 +0200
3 +++ Python-2.6.6_new/Doc/library/ssl.rst 2014-09-09 15:06:41.137134815 +0200
4 @@ -218,14 +218,6 @@ Functions, Constants, and Exceptions
5 Note that use of this setting requires a valid certificate validation file
6 also be passed as a value of the ``ca_certs`` parameter.
8 -.. data:: PROTOCOL_SSLv2
10 - Selects SSL version 2 as the channel encryption protocol.
14 - SSL version 2 is insecure. Its use is highly discouraged.
16 .. data:: PROTOCOL_SSLv23
18 Selects SSL version 2 or 3 as the channel encryption protocol. This is a
19 diff -rupN Python-2.6.6_old/Lib/ssl.py Python-2.6.6_new/Lib/ssl.py
20 --- Python-2.6.6_old/Lib/ssl.py 2010-04-28 00:05:18.000000000 +0200
21 +++ Python-2.6.6_new/Lib/ssl.py 2014-09-09 15:06:41.137134815 +0200
22 @@ -49,7 +49,6 @@ CERT_REQUIRED - certificates are require
24 The following constants identify various SSL protocol variants:
30 @@ -61,7 +60,7 @@ import _ssl # if we can't im
32 from _ssl import SSLError
33 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
34 -from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
35 +from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
36 from _ssl import RAND_status, RAND_egd, RAND_add
38 SSL_ERROR_ZERO_RETURN, \
39 @@ -406,8 +405,6 @@ def get_protocol_name(protocol_code):
41 elif protocol_code == PROTOCOL_SSLv23:
43 - elif protocol_code == PROTOCOL_SSLv2:
45 elif protocol_code == PROTOCOL_SSLv3:
48 diff -rupN Python-2.6.6_old/Lib/test/test_ssl.py Python-2.6.6_new/Lib/test/test_ssl.py
49 --- Python-2.6.6_old/Lib/test/test_ssl.py 2010-08-02 21:56:05.000000000 +0200
50 +++ Python-2.6.6_new/Lib/test/test_ssl.py 2014-09-09 15:06:41.137134815 +0200
51 @@ -58,7 +58,6 @@ class BasicTests(unittest.TestCase):
54 def test_constants(self):
59 @@ -829,19 +828,6 @@ else:
60 bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir,
63 - def test_protocol_sslv2(self):
64 - """Connecting to an SSLv2 server with various client options"""
65 - if test_support.verbose:
66 - sys.stdout.write("\ntest_protocol_sslv2 disabled, "
67 - "as it fails on OpenSSL 1.0.0+")
69 - try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
70 - try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
71 - try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
72 - try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True)
73 - try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
74 - try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
76 def test_protocol_sslv23(self):
77 """Connecting to an SSLv23 server with various client options"""
78 if test_support.verbose:
79 @@ -877,7 +863,6 @@ else:
80 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True)
81 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
82 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
83 - try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
84 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, False)
85 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
87 @@ -890,7 +875,6 @@ else:
88 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True)
89 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
90 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
91 - try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
92 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
93 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23, False)
95 diff -rupN Python-2.6.6_old/Modules/_ssl.c Python-2.6.6_new/Modules/_ssl.c
96 --- Python-2.6.6_old/Modules/_ssl.c 2010-08-03 20:50:32.000000000 +0200
97 +++ Python-2.6.6_new/Modules/_ssl.c 2014-09-09 15:06:41.137134815 +0200
98 @@ -62,8 +62,7 @@ enum py_ssl_cert_requirements {
101 enum py_ssl_version {
102 - PY_SSL_VERSION_SSL2,
103 - PY_SSL_VERSION_SSL3,
104 + PY_SSL_VERSION_SSL3=1,
105 PY_SSL_VERSION_SSL23,
108 @@ -302,8 +301,6 @@ newPySSLObject(PySocketSockObject *Sock,
109 self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
110 else if (proto_version == PY_SSL_VERSION_SSL3)
111 self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
112 - else if (proto_version == PY_SSL_VERSION_SSL2)
113 - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
114 else if (proto_version == PY_SSL_VERSION_SSL23)
115 self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
116 PySSL_END_ALLOW_THREADS
117 @@ -1687,8 +1684,6 @@ init_ssl(void)
118 PY_SSL_CERT_REQUIRED);
120 /* protocol versions */
121 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
122 - PY_SSL_VERSION_SSL2);
123 PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
124 PY_SSL_VERSION_SSL3);
125 PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",