summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-09-17 17:39:30 +0200
committerMarius Bakke <mbakke@fastmail.com>2017-09-17 18:50:00 +0200
commit881006b65cd7693a1f473870fef1ae38f497f9ae (patch)
treee852ab9c0debc15f596fc55e04a03811b2b16c06 /gnu/packages/patches
parent0c19c0f272f89fd94e88f1d7fd8e581b47bad3e7 (diff)
downloadguix-881006b65cd7693a1f473870fef1ae38f497f9ae.tar.gz
gnu: certbot: Fix build with python-pyopenssl >= 17.3.0.
* gnu/packages/patches/python-acme-dont-use-openssl-rand.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/tls.scm (python-acme)[source]: Use it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/python-acme-dont-use-openssl-rand.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch
new file mode 100644
index 0000000000..78920629c0
--- /dev/null
+++ b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch
@@ -0,0 +1,28 @@
+Fix build with PyOpenSSL > 17.2.0.
+
+See <https://github.com/certbot/certbot/issues/5111>.
+
+Patch copied from upstream source repository:
+https://github.com/certbot/certbot/commit/f6be07da74c664b57ac8c053585f919c79f9af44
+
+diff --git a/acme/crypto_util.py b/acme/crypto_util.py
+index de15284c03..b8fba03488 100644
+--- a/acme/crypto_util.py
++++ b/acme/crypto_util.py
+@@ -2,6 +2,7 @@
+ import binascii
+ import contextlib
+ import logging
++import os
+ import re
+ import socket
+ import sys
+@@ -243,7 +244,7 @@ def gen_ss_cert(key, domains, not_before=None,
+     """
+     assert domains, "Must provide one or more hostnames for the cert."
+     cert = OpenSSL.crypto.X509()
+-    cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
++    cert.set_serial_number(int(binascii.hexlify(os.urandom(16)), 16))
+     cert.set_version(2)
+ 
+     extensions = [