[issue25672] set SSL_MODE_RELEASE_BUFFERS

Marc-Andre Lemburg report at bugs.python.org
Fri Nov 20 06:51:36 EST 2015


Marc-Andre Lemburg added the comment:

On 20.11.2015 12:10, Cory Benfield wrote:
> Yeah, while generally speaking OpenSSL doesn't ship betas, it does provide them as tarballs. I have a beta of 1.0.2 floating around somewhere on my machine that I was using for ALPN testing back in 2014, and so I can speak from personal experience and say that people do actually work with betas sometimes. On this issue (defending ourselves from a CVE) my instinct is to be conservative. However, we should allow later patch releases of OpenSSL 1.0.0 to have this optimisation if they're safe.

Ah, right. For new major release versions such as 1.0.1 or 1.0.2
they do ship betas, but historically they have often introduced
new features in their abcde... level releases without doing
betas for those first - that's what I was thinking of :-)

> Therefore, I've uploaded a new patch that does allow for 1.0.0m and later to use this optimisation too. It makes the conditional a little more complex, but c'est la vie.

LGTM

Thanks,
-- 
Marc-Andre Lemburg
eGenix.com

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25672>
_______________________________________

