1 files changed, 0 insertions, 104 deletions

diff --git a/dev-python/boto/files/boto-2.49.0-try-to-add-SNI-support-v3.patch b/dev-python/boto/files/boto-2.49.0-try-to-add-SNI-support-v3.patch
deleted file mode 100644
index 11d346a2199e..000000000000
--- a/dev-python/boto/files/boto-2.49.0-try-to-add-SNI-support-v3.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From f5e7f6c98b46ff622f60a4661ffc9ce07216d109 Mon Sep 17 00:00:00 2001
-From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
-Date: Sat, 29 Sep 2018 21:47:11 +0200
-Subject: [PATCH] boto: try to add SNI support
-
-Add SNI support. Newer OpenSSL (with TLS1.3) fail to connect if the
-hostname is missing.
-
-Link: https://bugs.debian.org/bug=909545
-Tested-by: Witold Baryluk <witold.baryluk@gmail.com>
-Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
----
- boto/connection.py       | 19 ++++++++++---------
- boto/https_connection.py | 22 +++++++++++-----------
- 2 files changed, 21 insertions(+), 20 deletions(-)
-
-diff --git a/boto/connection.py b/boto/connection.py
-index 34b428f101df7..b4867a7657465 100644
---- a/boto/connection.py
-+++ b/boto/connection.py
-@@ -778,8 +778,10 @@
- 
-     def proxy_ssl(self, host=None, port=None):
-         if host and port:
-+            cert_host = host
-             host = '%s:%d' % (host, port)
-         else:
-+            cert_host = self.host
-             host = '%s:%d' % (self.host, self.port)
-         # Seems properly to use timeout for connect too
-         timeout = self.http_connection_kwargs.get("timeout")
-@@ -824,23 +824,24 @@ DEFAULT_CA_CERTS_FILE = os.path.join(os.path.dirname(os.path.abspath(boto.cacert
-         h = http_client.HTTPConnection(host)
- 
-         if self.https_validate_certificates and HAVE_HTTPS_CONNECTION:
-+            context = ssl.create_default_context()
-+            context.verify_mode = ssl.CERT_REQUIRED
-+            context.check_hostname = True
-+
-             msg = "wrapping ssl socket for proxied connection; "
-             if self.ca_certificates_file:
-                 msg += "CA certificate file=%s" % self.ca_certificates_file
-+                context.load_verify_locations(cafile=self.ca_certificates_file)
-             else:
-                 msg += "using system provided SSL certs"
-+                context.load_default_certs()
-             boto.log.debug(msg)
-             key_file = self.http_connection_kwargs.get('key_file', None)
-             cert_file = self.http_connection_kwargs.get('cert_file', None)
--            sslSock = ssl.wrap_socket(sock, keyfile=key_file,
--                                      certfile=cert_file,
--                                      cert_reqs=ssl.CERT_REQUIRED,
--                                      ca_certs=self.ca_certificates_file)
--            cert = sslSock.getpeercert()
--            hostname = self.host.split(':', 0)[0]
--            if not https_connection.ValidateCertificateHostname(cert, hostname):
--                raise https_connection.InvalidCertificateException(
--                    hostname, cert, 'hostname mismatch')
-+            if key_file:
-+                context.load_cert_chain(certfile=cert_file, keyfile=key_file)
-+
-+            sslSock = context.wrap_socket(sock, server_hostname=cert_host)
-         else:
-             # Fallback for old Python without ssl.wrap_socket
-             if hasattr(http_client, 'ssl'):
-diff --git a/boto/https_connection.py b/boto/https_connection.py
-index ddc31a152292e..a5076f6f9b261 100644
---- a/boto/https_connection.py
-+++ b/boto/https_connection.py
-@@ -119,20 +119,20 @@ from boto.compat import six, http_client
-             sock = socket.create_connection((self.host, self.port), self.timeout)
-         else:
-             sock = socket.create_connection((self.host, self.port))
-+
-+        context = ssl.create_default_context()
-+        context.verify_mode = ssl.CERT_REQUIRED
-+        context.check_hostname = True
-+        if self.key_file:
-+            context.load_cert_chain(certfile=self.cert_file, keyfile=self.key_file)
-+
-         msg = "wrapping ssl socket; "
-         if self.ca_certs:
-             msg += "CA certificate file=%s" % self.ca_certs
-+            context.load_verify_locations(cafile=self.ca_certs)
-         else:
-             msg += "using system provided SSL certs"
-+            context.load_default_certs()
-         boto.log.debug(msg)
--        self.sock = ssl.wrap_socket(sock, keyfile=self.key_file,
--                                    certfile=self.cert_file,
--                                    cert_reqs=ssl.CERT_REQUIRED,
--                                    ca_certs=self.ca_certs)
--        cert = self.sock.getpeercert()
--        hostname = self.host.split(':', 0)[0]
--        if not ValidateCertificateHostname(cert, hostname):
--            raise InvalidCertificateException(hostname,
--                                              cert,
--                                              'remote hostname "%s" does not match '
--                                              'certificate' % hostname)
-+
-+        self.sock = context.wrap_socket(sock, server_hostname=self.host)
--- 
-2.19.0
-