[python-httplib2: 1/2] Fixed Bug 840968 - SSL errors when the site certificate contains subjectAltName but DNS is not in it

[Ding-Yi Chen]

commit d773cae6c0b4c655f218ebc1ce0450fe3ef5feae
Author: Ding-Yi Chen <dingyichen at gmail.com>
Date:   Fri Jul 27 18:50:25 2012 +1000

    Fixed Bug 840968 - SSL errors when the site certificate contains subjectAltName but DNS is not in it

 python-httplib2.rfc2459.patch |   19 +++++++++++++++++++
 python-httplib2.spec          |    8 +++++++-
 2 files changed, 26 insertions(+), 1 deletions(-)
---
diff --git a/python-httplib2.rfc2459.patch b/python-httplib2.rfc2459.patch
new file mode 100644
index 0000000..523129e
--- /dev/null
+++ b/python-httplib2.rfc2459.patch
@@ -0,0 +1,19 @@
+diff -up ./python2/httplib2/__init__.py.orig ./python2/httplib2/__init__.py
+--- ./python2/httplib2/__init__.py.orig	2012-07-27 18:35:59.215300471 +1000
++++ ./python2/httplib2/__init__.py	2012-07-27 18:36:30.697287505 +1000
+@@ -943,8 +943,13 @@ class HTTPSConnectionWithTimeout(httplib
+         """
+         if 'subjectAltName' in cert:
+             # Patch from richardfearn at gmail.com
+-	    return [x[1] for x in cert['subjectAltName']
++            # RFC 2459 states that subjectAltName may contain:
++            # either DNS, email, IP or URI
++            # email, URI,
++            hosts=[x[1] for x in cert['subjectAltName']
+                 if x[0].lower() == "dns"]
++	    if hosts:
++		return hosts
+
+         return [x[0][1] for x in cert['subject']
+             if x[0][0].lower() == 'commonname']
+
diff --git a/python-httplib2.spec b/python-httplib2.spec
index c8cb99e..414a380 100644
--- a/python-httplib2.spec
+++ b/python-httplib2.spec
@@ -10,7 +10,7 @@
 
 Name:           python-httplib2
 Version:        0.7.4
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A comprehensive HTTP client library
 Group:          System Environment/Libraries
 License:        MIT
@@ -19,6 +19,7 @@ Source0:        http://httplib2.googlecode.com/files/httplib2-%{version}.tar.gz
 #Patch0:         httplib_py26.diff
 Patch1:         %{name}.certfile.patch
 Patch2:         %{name}.getCertHost.patch
+Patch3:         %{name}.rfc2459.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  python-setuptools-devel
 BuildRequires:  python-devel
@@ -47,6 +48,7 @@ other HTTP libraries.
 #%patch0 -p0 -b .issue39
 %patch1 -p0 -b .certfile
 %patch2 -p0 -b .getCertHost
+%patch3 -p0 -b .rfc2459
 
 %if 0%{?with_python3}
 rm -rf %{py3dir}
@@ -89,6 +91,10 @@ rm -rf $RPM_BUILD_ROOT
 %endif # with_python3
 
 %changelog
+* Fri Jul 27 2012 Ding-Yi Chen <dchen at redhat.com> - 0.7.4-5
+- Fixed Bug 840968 - SSL errors when the site certificate contains
+  subjectAltName but DNS is not in it
+
 * Fri Jun 22 2012 Ding-Yi Chen <dchen at redhat.com> - 0.7.4-4
 - Unify the spec file between EPEL and Fedora.