use SSLv23 method (it supports SSLv2, v3 and TLSv1) instead of only the TLSv1 method, as some servers (gmail) don't support the TLSv1 method. fixes #3786

Yann Leboulanger 2008-06-16 14:12:59 +00:00
parent 2f6106bda5
commit 1d745c1c9d
1 changed files with 4 additions and 2 deletions


@ -758,8 +758,10 @@ class NonBlockingTLS(PlugIn):
log.debug("_startSSL_pyOpenSSL called") log.debug("_startSSL_pyOpenSSL called")
tcpsock = self._owner.Connection tcpsock = self._owner.Connection
# FIXME: should method be configurable? # FIXME: should method be configurable?
tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD) # Some gmail server don't support TLSv1, but only SSLv3, so use method
#tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD) # that allow SSLv2, v3 and TLSv1
#tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
tcpsock.ssl_errnum = 0 tcpsock.ssl_errnum = 0
tcpsock._sslContext.set_verify(OpenSSL.SSL.VERIFY_PEER, self._ssl_verify_callback) tcpsock._sslContext.set_verify(OpenSSL.SSL.VERIFY_PEER, self._ssl_verify_callback)
cacerts = os.path.join(common.gajim.DATA_DIR, 'other', 'cacerts.pem') cacerts = os.path.join(common.gajim.DATA_DIR, 'other', 'cacerts.pem')
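Review bot: The new `OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)` line sets no context options, so the handshake may also settle on SSLv2, which has known protocol weaknesses and lets an active attacker on the path push the session down to it. Since the added comment says the servers in question need SSLv3, SSLv2 can be switched off without losing them by adding `tcpsock._sslContext.set_options(OpenSSL.SSL.OP_NO_SSLv2)` directly after the context is created. I would also replace the commented-out `TLSv1_METHOD` line with a comment such as `# SSLv23_METHOD negotiates the highest version both peers support; SSLv3 is kept only for servers that lack TLSv1`, so the fallback is easy to find and remove later. The body of `_startSSL_pyOpenSSL` starts and ends outside this hunk, so whether `_ssl_verify_callback` rejects bad certificates cannot be checked from here.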