Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
The changes introduced in aafa79c0f5 having to do with the cert
verification are incorrect, regarding the use of the newest ssl context
api introduced in python 2.7.9. There the use of the server setup was
taken, instead of the correct client options.
I hereby apologize for the insuficient testing on that fix. It happens
that I wrongly tested in an evironment that did the fallback to
pre-2.7.9 interpreter.
|
|
(#6400).
|
|
|
|
since ssl.SSLContext does not exist prior to python 2.7.9
|
|
Although the API can be misleading, PROTOCOL_SSLv23 selects the highest
protocol version that both the client and server support. Despite the
name, this option can select “TLS” protocols as well as “SSL”.
In this way, we can use TLSv1.2 (PROTOCOL_TLSv1 will *only* give us TLS
v1.0)
In the client side, we try to disable SSLv2 and SSLv3 options
explicitely.
The python version in wheezy does not offer PROTOCOL_TLSv1_2 nor
OP_NO_SSLv2 or OP_NO_SSLv3 (It's new in 2.7.9)
|
|
|
|
|
|
sync_target connection for it to be able to sync again
|
|
(#5975).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|