[pywbem] skip hostname check when no verification is desired
Michal Minar
miminar at fedoraproject.org
Fri Jan 3 07:46:43 UTC 2014
commit 39bb7a21e227586fb7a803e663e2e02d11e394a0
Author: Michal Minar <miminar at redhat.com>
Date: Fri Jan 3 07:54:15 2014 +0100
skip hostname check when no verification is desired
If verification of the peer certificate is disabled with the no_verification
option, the hostname check needs to be skipped as well.
Related: rhbz#1026891
pywbem-20131121-ssl_verify_host.patch | 20 +++++++++++---------
pywbem.spec | 5 ++++-
2 files changed, 15 insertions(+), 10 deletions(-)
---
diff --git a/pywbem-20131121-ssl_verify_host.patch b/pywbem-20131121-ssl_verify_host.patch
index 985eb9e..a707e42 100644
--- a/pywbem-20131121-ssl_verify_host.patch
+++ b/pywbem-20131121-ssl_verify_host.patch
@@ -38,7 +38,7 @@ Index: pywbem-20131121/cim_http.py
"""Send XML data over HTTP to the specified url. Return the
response in XML. Uses Python's build-in httplib. x509 may be a
dictionary containing the location of the SSL certificate and key
-@@ -105,10 +124,47 @@ def wbem_request(url, data, creds, heade
+@@ -105,10 +124,49 @@ def wbem_request(url, data, creds, heade
class HTTPSConnection(HTTPBaseConnection, httplib.HTTPSConnection):
def __init__(self, host, port=None, key_file=None, cert_file=None,
@@ -76,19 +76,21 @@ Index: pywbem-20131121/cim_http.py
+ self.sock.setup_ssl()
+ self.sock.set_connect_state()
+ ret = self.sock.connect_ssl()
-+ check = getattr(self.sock, 'postConnectionCheck',
-+ self.sock.clientPostConnectionCheck)
-+ if check is not None:
-+ if not check(self.sock.get_peer_cert(), self.host):
-+ raise Error('SSL error: post connection check failed')
++ if self.ca_certs:
++ check = getattr(self.sock, 'postConnectionCheck',
++ self.sock.clientPostConnectionCheck)
++ if check is not None:
++ if not check(self.sock.get_peer_cert(), self.host):
++ raise Error('SSL error: post connection check failed')
+ return ret
-+ except (Err.SSLError, SSL.SSLError, SSL.SSLTimeoutError), arg:
++ except ( Err.SSLError, SSL.SSLError, SSL.SSLTimeoutError
++ , SSL.Checker.WrongHost), arg:
+ raise Error("SSL error: %s" % arg)
+
class FileHTTPConnection(HTTPBaseConnection, httplib.HTTPConnection):
def __init__(self, uds_path):
httplib.HTTPConnection.__init__(self, 'localhost')
-@@ -117,64 +173,36 @@ def wbem_request(url, data, creds, heade
+@@ -117,64 +175,36 @@ def wbem_request(url, data, creds, heade
self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
self.sock.connect(self.uds_path)
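Review bot: The new `if self.ca_certs:` guard around the post-connection check ties hostname validation to whether the CA bundle value is truthy, not to the caller's explicit no_verification choice, so any path that leaves ca_certs empty would skip the hostname check silently. The code that sets ca_certs is outside this hunk, and the enclosing connect method also starts before it, so this may already be safe. It is worth confirming that ca_certs can only be empty when no_verification was requested, and failing closed otherwise. At minimum I would document the coupling on that line, e.g. `# ca_certs is empty only when no_verification was requested; the hostname check is skipped together with chain verification`.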
@@ -171,7 +173,7 @@ Index: pywbem-20131121/cim_http.py
else:
if url.startswith('http'):
h = HTTPConnection(host, port = port)
-@@ -216,6 +244,8 @@ def wbem_request(url, data, creds, heade
+@@ -216,6 +246,8 @@ def wbem_request(url, data, creds, heade
h.putheader('PegasusAuthorization', 'Local "%s"' % locallogin)
for hdr in headers:
diff --git a/pywbem.spec b/pywbem.spec
index d2fc22c..d024680 100644
--- a/pywbem.spec
+++ b/pywbem.spec
@@ -4,7 +4,7 @@
Name: pywbem
Version: 0.7.0
-Release: 22.%{revdate}svn%{svnrev}%{?dist}
+Release: 23.%{revdate}svn%{svnrev}%{?dist}
Summary: Python WBEM Client and Provider Interface
Group: Development/Libraries
License: LGPLv2
@@ -84,6 +84,9 @@ rm -rf %{buildroot}
%{python_sitelib}/pywbem/twisted_client.py*
%changelog
+* Fri Jan 03 2014 Michal Minar <miminar at redhat.com> 0.7.0-23.20131121svn656
+- Skip hostname check when no verification is desired.
+
* Fri Dec 27 2013 Michal Minar <miminar at redhat.com> 0.7.0-22.20131121svn656
- Work around M2Crypto's inability to handle unicode strings.