[python-backports-ssl_match_hostname] Initial commit (3.2-0.2.a3)
Ian Weller
ianweller at fedoraproject.org
Wed Feb 13 02:17:37 UTC 2013
commit 7f4eba90aac23add9aa8482ef01594e90bc08a1a
Author: Ian Weller <ian at ianweller.org>
Date: Tue Feb 12 20:17:22 2013 -0600
Initial commit (3.2-0.2.a3)
.gitignore | 1 +
python-backports-ssl_match_hostname.spec | 58 ++++++++++++++++++++++++++++++
sources | 1 +
ssl_match_hostname-issue12000.patch | 24 ++++++++++++
4 files changed, 84 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..ff9c95e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/backports.ssl_match_hostname-3.2a3.tar.gz
diff --git a/python-backports-ssl_match_hostname.spec b/python-backports-ssl_match_hostname.spec
new file mode 100644
index 0000000..6effe6d
--- /dev/null
+++ b/python-backports-ssl_match_hostname.spec
@@ -0,0 +1,58 @@
+%global module_name backports.ssl_match_hostname
+%global alphatag a3
+%global fullversion %{version}%{alphatag}
+
+Name: python-backports-ssl_match_hostname
+Version: 3.2
+Release: 0.2.%{alphatag}%{?dist}
+Summary: The ssl.match_hostname() function from Python 3.2
+
+# Webpages claim MIT but the code is cut-and-paste from Python source code
+License: Python
+URL: https://bitbucket.org/brandon/backports.ssl_match_hostname
+Source0: http://pypi.python.org/packages/source/b/backports.ssl_match_hostname/backports.ssl_match_hostname-%{fullversion}.tar.gz
+Patch0: ssl_match_hostname-issue12000.patch
+
+BuildArch: noarch
+BuildRequires: python2-devel
+BuildRequires: python-setuptools
+
+%description
+The Secure Sockets layer is only actually secure if you check the hostname in
+the certificate returned by the server to which you are connecting, and verify
+that it matches to hostname that you are trying to reach.
+
+But the matching logic, defined in RFC2818, can be a bit tricky to implement on
+your own. So the ssl package in the Standard Library of Python 3.2 now includes
+a match_hostname() function for performing this check instead of requiring
+every application to implement the check separately.
+
+This backport brings match_hostname() to users of earlier versions of Python.
+The actual code inside comes verbatim from Python 3.2.
+
+
+%prep
+%setup -qn %{module_name}-%{fullversion}
+%patch0 -p1
+mv src/backports/ssl_match_hostname/README.txt ./
+
+
+%build
+python setup.py build
+
+
+%install
+python setup.py install -O1 --skip-build --root %{buildroot}
+
+
+%files
+%doc README.txt
+%{python_sitelib}/*
+
+
+%changelog
+* Tue Feb 05 2013 Ian Weller <iweller at redhat.com> - 3.2-0.2.a3
+- Fix Python issue 12000
+
+* Fri Dec 07 2012 Ian Weller <iweller at redhat.com> - 3.2-0.1.a3
+- Initial package build
diff --git a/sources b/sources
index e69de29..e4fd269 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+42adbd3c15d78eb6b7b7c654ec5c717c backports.ssl_match_hostname-3.2a3.tar.gz
diff --git a/ssl_match_hostname-issue12000.patch b/ssl_match_hostname-issue12000.patch
new file mode 100644
index 0000000..86c18c3
--- /dev/null
+++ b/ssl_match_hostname-issue12000.patch
@@ -0,0 +1,24 @@
+diff -up backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py.orig backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py
+--- backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py.orig 2010-10-15 17:40:13.000000000 -0500
++++ backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py 2013-02-05 17:24:13.706427017 -0600
+@@ -2,7 +2,7 @@
+
+ import re
+
+-__version__ = '3.2a3'
++__version__ = '3.2.2'
+
+ class CertificateError(ValueError):
+ pass
+@@ -37,8 +37,9 @@ def match_hostname(cert, hostname):
+ if _dnsname_to_pat(value).match(hostname):
+ return
+ dnsnames.append(value)
+- if not san:
+- # The subject is only checked when subjectAltName is empty
++ if not dnsnames:
++ # The subject is only checked when there is no dNSName entry
++ # in subjectAltName
+ for sub in cert.get('subject', ()):
+ for key, value in sub:
+ # XXX according to RFC 2818, the most specific Common Name
More information about the scm-commits
mailing list