1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
Description: Use TLS instead of SSLv3
* Add patch to use TLS instead of SSLv3, which is no longer supported
server side (Closes: #776538)
Author: Scott Kitterman <scott@kitterman.com>
Bug-Debian: http://bugs.debian.org/776538
Forwarded: no
Last-Update: 2015-02-09
--- python-apns-client-0.1.8.orig/apnsclient/apns.py
+++ python-apns-client-0.1.8/apnsclient/apns.py
@@ -63,7 +63,11 @@ class Certificate(object):
- `key_file` (str): private key in PEM format from file.
- `passphrase` (str): passphrase for your private key.
"""
- self._context = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv3_METHOD)
+ # The name SSLv23 is misleading. It's actually SSLv3 and all TLS versions,
+ # so changing SSLv3 to v23 enables TLS.
+ self._context = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
+ # Then this option excludes SSLv3, which is no longer supported server side.
+ self._context.set_options(OpenSSL.SSL.OP_NO_SSLv3)
if cert_file:
# we have to load certificate for equality check. there is no
|
