From 4cbb7591fa219daf0bf9d878ae63deeaf7f7a30f Mon Sep 17 00:00:00 2001
From: Romain Bignon <romain@budget-insight.com>
Date: Wed, 20 Aug 2014 11:11:50 +0200
Subject: [PATCH] force use of TLSv1 on lowsslcheck as the web server's support
 of SSLv3 is broken

---
 modules/caissedepargne/browser.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/caissedepargne/browser.py b/modules/caissedepargne/browser.py
index 83b1cc81..98ebde6c 100644
--- a/modules/caissedepargne/browser.py
+++ b/modules/caissedepargne/browser.py
@@ -18,6 +18,8 @@
 # along with weboob. If not, see <http://www.gnu.org/licenses/>.
 
 
+import ssl
+import hashlib
 from urlparse import urlsplit
 
 from weboob.tools.browser import BaseBrowser, BrowserIncorrectPassword
@@ -43,6 +45,11 @@ class CaisseEpargne(BaseBrowser):
         self.nuser = nuser
         BaseBrowser.__init__(self, *args, **kwargs)
 
+    def _certhash(self, domain, port=443):
+        # XXX overload the BaseBrowser method to force use of TLSv1.
+        certs = ssl.get_server_certificate((domain, port), ssl_version=ssl.PROTOCOL_TLSv1)
+        return hashlib.sha256(certs).hexdigest()
+
     def is_logged(self):
         return self.page is not None and not self.is_on_page((LoginPage,ErrorPage))