From aafa79c0f5e3d05c28d8f41804ae692931e67d7e Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Thu, 4 Dec 2014 18:13:06 +0100
Subject: fix ssl negotiation

since ssl.SSLContext does not exist prior to python 2.7.9
---
 client/src/leap/soledad/client/__init__.py | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/client/src/leap/soledad/client/__init__.py b/client/src/leap/soledad/client/__init__.py
index a4030d88..d7d01b57 100644
--- a/client/src/leap/soledad/client/__init__.py
+++ b/client/src/leap/soledad/client/__init__.py
@@ -809,22 +809,25 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
             self.sock = sock
             self._tunnel()
 
-        # negotiate the best availabe version...
-        ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+        highest_supported = ssl.PROTOCOL_SSLv23
 
-        # but if possible, we want to disable bad ones
-        # needs python 2.7.9+
         try:
+            # needs python 2.7.9+
+            # negotiate the best available version,
+            # but explicitely disabled bad ones.
+            ctx = ssl.SSLContext(highest_supported)
             ctx.options |= ssl.OP_NO_SSLv2
             ctx.options |= ssl.OP_NO_SSLv3
-        except AttributeError:
-            pass
 
-        ctx.load_cert_chain(certfile=SOLEDAD_CERT)
-        ctx.verify_mode = ssl.CERT_REQUIRED
+            ctx.load_cert_chain(certfile=SOLEDAD_CERT)
+            ctx.verify_mode = ssl.CERT_REQUIRED
+            self.sock = ctx.wrap_socket(
+                sock, server_side=True, server_hostname=self.host)
 
-        self.sock = ctx.wrap_socket(
-            sock, server_side=True, server_hostname=self.host)
+        except AttributeError:
+            self.sock = ssl.wrap_socket(
+                sock, ca_certs=SOLEDAD_CERT, cert_reqs=ssl.CERT_REQUIRED,
+                ssl_version=highest_supported)
 
         match_hostname(self.sock.getpeercert(), self.host)
 
-- 
cgit v1.2.3