[python-httplib2: 1/2] Fixed Bug 840968 - SSL errors when the site certificate contains subjectAltName but DNS is not in it
Ding-Yi Chen
dchen at fedoraproject.org
Mon Jul 30 01:08:32 UTC 2012
commit d773cae6c0b4c655f218ebc1ce0450fe3ef5feae
Author: Ding-Yi Chen <dingyichen at gmail.com>
Date: Fri Jul 27 18:50:25 2012 +1000
Fixed Bug 840968 - SSL errors when the site certificate contains subjectAltName but DNS is not in it
python-httplib2.rfc2459.patch | 19 +++++++++++++++++++
python-httplib2.spec | 8 +++++++-
2 files changed, 26 insertions(+), 1 deletions(-)
---
diff --git a/python-httplib2.rfc2459.patch b/python-httplib2.rfc2459.patch
new file mode 100644
index 0000000..523129e
--- /dev/null
+++ b/python-httplib2.rfc2459.patch
@@ -0,0 +1,19 @@
+diff -up ./python2/httplib2/__init__.py.orig ./python2/httplib2/__init__.py
+--- ./python2/httplib2/__init__.py.orig 2012-07-27 18:35:59.215300471 +1000
++++ ./python2/httplib2/__init__.py 2012-07-27 18:36:30.697287505 +1000
+@@ -943,8 +943,13 @@ class HTTPSConnectionWithTimeout(httplib
+ """
+ if 'subjectAltName' in cert:
+ # Patch from richardfearn at gmail.com
+- return [x[1] for x in cert['subjectAltName']
++ # RFC 2459 states that subjectAltName may contain:
++ # either DNS, email, IP or URI
++ # email, URI,
++ hosts=[x[1] for x in cert['subjectAltName']
+ if x[0].lower() == "dns"]
++ if hosts:
++ return hosts
+
+ return [x[0][1] for x in cert['subject']
+ if x[0][0].lower() == 'commonname']
+
diff --git a/python-httplib2.spec b/python-httplib2.spec
index c8cb99e..414a380 100644
--- a/python-httplib2.spec
+++ b/python-httplib2.spec
@@ -10,7 +10,7 @@
Name: python-httplib2
Version: 0.7.4
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: A comprehensive HTTP client library
Group: System Environment/Libraries
License: MIT
@@ -19,6 +19,7 @@ Source0: http://httplib2.googlecode.com/files/httplib2-%{version}.tar.gz
#Patch0: httplib_py26.diff
Patch1: %{name}.certfile.patch
Patch2: %{name}.getCertHost.patch
+Patch3: %{name}.rfc2459.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: python-setuptools-devel
BuildRequires: python-devel
@@ -47,6 +48,7 @@ other HTTP libraries.
#%patch0 -p0 -b .issue39
%patch1 -p0 -b .certfile
%patch2 -p0 -b .getCertHost
+%patch3 -p0 -b .rfc2459
%if 0%{?with_python3}
rm -rf %{py3dir}
@@ -89,6 +91,10 @@ rm -rf $RPM_BUILD_ROOT
%endif # with_python3
%changelog
+* Fri Jul 27 2012 Ding-Yi Chen <dchen at redhat.com> - 0.7.4-5
+- Fixed Bug 840968 - SSL errors when the site certificate contains
+ subjectAltName but DNS is not in it
+
* Fri Jun 22 2012 Ding-Yi Chen <dchen at redhat.com> - 0.7.4-4
- Unify the spec file between EPEL and Fedora.
More information about the scm-commits
mailing list