From d773cae6c0b4c655f218ebc1ce0450fe3ef5feae Mon Sep 17 00:00:00 2001 From: Ding-Yi Chen Date: Fri, 27 Jul 2012 18:50:25 +1000 Subject: [PATCH] Fixed Bug 840968 - SSL errors when the site certificate contains subjectAltName but DNS is not in it --- python-httplib2.rfc2459.patch | 19 +++++++++++++++++++ python-httplib2.spec | 8 +++++++- 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 python-httplib2.rfc2459.patch diff --git a/python-httplib2.rfc2459.patch b/python-httplib2.rfc2459.patch new file mode 100644 index 0000000..523129e --- /dev/null +++ b/python-httplib2.rfc2459.patch @@ -0,0 +1,19 @@ +diff -up ./python2/httplib2/__init__.py.orig ./python2/httplib2/__init__.py +--- ./python2/httplib2/__init__.py.orig 2012-07-27 18:35:59.215300471 +1000 ++++ ./python2/httplib2/__init__.py 2012-07-27 18:36:30.697287505 +1000 +@@ -943,8 +943,13 @@ class HTTPSConnectionWithTimeout(httplib + """ + if 'subjectAltName' in cert: + # Patch from richardfearn@gmail.com +- return [x[1] for x in cert['subjectAltName'] ++ # RFC 2459 states that subjectAltName may contain: ++ # either DNS, email, IP or URI ++ # email, URI, ++ hosts=[x[1] for x in cert['subjectAltName'] + if x[0].lower() == "dns"] ++ if hosts: ++ return hosts + + return [x[0][1] for x in cert['subject'] + if x[0][0].lower() == 'commonname'] + diff --git a/python-httplib2.spec b/python-httplib2.spec index c8cb99e..414a380 100644 --- a/python-httplib2.spec +++ b/python-httplib2.spec @@ -10,7 +10,7 @@ Name: python-httplib2 Version: 0.7.4 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A comprehensive HTTP client library Group: System Environment/Libraries License: MIT @@ -19,6 +19,7 @@ Source0: http://httplib2.googlecode.com/files/httplib2-%{version}.tar.gz #Patch0: httplib_py26.diff Patch1: %{name}.certfile.patch Patch2: %{name}.getCertHost.patch +Patch3: %{name}.rfc2459.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: python-setuptools-devel BuildRequires: python-devel @@ -47,6 +48,7 @@ other HTTP libraries. #%patch0 -p0 -b .issue39 %patch1 -p0 -b .certfile %patch2 -p0 -b .getCertHost +%patch3 -p0 -b .rfc2459 %if 0%{?with_python3} rm -rf %{py3dir} @@ -89,6 +91,10 @@ rm -rf $RPM_BUILD_ROOT %endif # with_python3 %changelog +* Fri Jul 27 2012 Ding-Yi Chen - 0.7.4-5 +- Fixed Bug 840968 - SSL errors when the site certificate contains + subjectAltName but DNS is not in it + * Fri Jun 22 2012 Ding-Yi Chen - 0.7.4-4 - Unify the spec file between EPEL and Fedora.