From: Daira Hopwood Date: Sat, 12 Apr 2014 17:11:05 +0000 (+0100) Subject: OpenSSL version check: 1.0.2-beta and 1.0.2-beta1 are vulnerable. X-Git-Url: https://git.rkrishnan.org/reliability?a=commitdiff_plain;h=refs%2Fheads%2F2215-refuse-vulnerable-openssl;p=tahoe-lafs%2Ftahoe-lafs.git OpenSSL version check: 1.0.2-beta and 1.0.2-beta1 are vulnerable. Signed-off-by: Daira Hopwood
---
diff --git a/src/allmydata/__init__.py b/src/allmydata/__init__.py
index 94ad355c..44081566 100644
--- a/src/allmydata/__init__.py
+++ b/src/allmydata/__init__.py
@@ -422,7 +422,8 @@ def check_openssl_version(SSL):
 if ((numeric_components == [0, 9, 8] and components[2] >= '8y') or
 (numeric_components == [1, 0, 0] and components[2] >= '0l') or
 (numeric_components == [1, 0, 1] and components[2] >= '1g') or
- (numeric_components >= [1, 0, 2])):
+ (numeric_components == [1, 0, 2] and not components[2].startswith('2-beta')) or
+ (numeric_components >= [1, 0, 3])):
 return
 if numeric_components == [1, 0, 1] and components[2] >= '1d':
diff --git a/src/allmydata/test/test_version.py b/src/allmydata/test/test_version.py
index c6ba1087..73df5a71 100644
--- a/src/allmydata/test/test_version.py
+++ b/src/allmydata/test/test_version.py
@@ -142,6 +142,7 @@ class CheckRequirement(unittest.TestCase):
 self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.1e 7 Abc 2014"))
 self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.1e invalid_date"))
 self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.1e 7 Apr"))
+ self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.2-beta1"))
 self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 0.10"))
 self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 0.10.0"))
 self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.0"))
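Review bot: The new 1.0.2 clause is a denylist on the literal prefix `2-beta`, so any other pre-release or snapshot tag on 1.0.2 (for example a `-dev` build) is still accepted as safe without evidence that it carries the fix. A fail-closed form would accept only untagged 1.0.2 versions, e.g. `(numeric_components == [1, 0, 2] and not components[2].startswith('2-')) or`, at the cost of also refusing any release string whose third component starts with `2-`. A short comment above the clause saying that every `2-beta*` string is refused on purpose, including betas later than beta1, would help the next person who edits this list. check_openssl_version starts and ends outside the hunk, so how numeric_components is derived from components is not visible here.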
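Review bot: Only `1.0.2-beta1` is exercised by the added assertion, although the commit subject names both 1.0.2-beta and 1.0.2-beta1 as vulnerable; add `self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.2-beta"))` next to the new line. A case for a later beta such as `MockSSL("OpenSSL 1.0.2-beta2")` would pin whether refusing it is intended, since the `startswith('2-beta')` test in check_openssl_version rejects it as well. The mock strings here carry no build date, so it may also be worth one case in the dated form the other assertions use, if the real library reports pre-releases that way. The test method begins before this hunk, so some of these cases may already exist outside the visible lines.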
@@ -160,6 +161,7 @@ class CheckRequirement(unittest.TestCase):
 check_openssl_version(MockSSL("OpenSSL 1.0.1zzz"))
 check_openssl_version(MockSSL("OpenSSL 1.0.2"))
 check_openssl_version(MockSSL("OpenSSL 1.0.2a"))
+ check_openssl_version(MockSSL("OpenSSL 1.0.3"))
 check_openssl_version(MockSSL("OpenSSL 1.0.10a"))
 check_openssl_version(MockSSL("OpenSSL 1.1"))
 check_openssl_version(MockSSL("OpenSSL 1.1.0"))