[issue25672] set SSL_MODE_RELEASE_BUFFERS
Cory Benfield
report at bugs.python.org
Fri Nov 20 06:10:00 EST 2015
Cory Benfield added the comment:
Thanks for the updated info Marc-Andre.
Yeah, while generally speaking OpenSSL doesn't ship betas, it does provide them as tarballs. I have a beta of 1.0.2 floating around somewhere on my machine that I was using for ALPN testing back in 2014, and so I can speak from personal experience and say that people do actually work with betas sometimes. On this issue (defending ourselves from a CVE) my instinct is to be conservative. However, we should allow later patch releases of OpenSSL 1.0.0 to have this optimisation if they're safe.
Therefore, I've uploaded a new patch that does allow for 1.0.0m and later to use this optimisation too. It makes the conditional a little more complex, but c'est la vie.
----------
Added file: http://bugs.python.org/file41094/ssl3.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25672>
_______________________________________