libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From to...@apache.org
Subject svn commit: r1383122 - in /libcloud/trunk/libcloud: httplib_ssl.py test/test_httplib_ssl.py
Date Mon, 10 Sep 2012 21:53:41 GMT
Author: tomaz
Date: Mon Sep 10 21:53:40 2012
New Revision: 1383122

URL: http://svn.apache.org/viewvc?rev=1383122&view=rev
Log:
Fix a bug with the Libcloud SSL verification code. Code was too strict and
didn't allow "-" character in the sub-domain when using a wildcard certificate.

Note: This is NOT a security vulnerability.

Modified:
    libcloud/trunk/libcloud/httplib_ssl.py
    libcloud/trunk/libcloud/test/test_httplib_ssl.py

Modified: libcloud/trunk/libcloud/httplib_ssl.py
URL: http://svn.apache.org/viewvc/libcloud/trunk/libcloud/httplib_ssl.py?rev=1383122&r1=1383121&r2=1383122&view=diff
==============================================================================
--- libcloud/trunk/libcloud/httplib_ssl.py (original)
+++ libcloud/trunk/libcloud/httplib_ssl.py Mon Sep 10 21:53:40 2012
@@ -121,9 +121,10 @@ class LibcloudHTTPSConnection(httplib.HT
 
         # replace * with alphanumeric and dash
         # replace . with literal .
+        # http://www.dns.net/dnsrd/trick.html#legal-hostnames
         valid_patterns = [
             re.compile('^' + pattern.replace(r".", r"\.") \
-                                    .replace(r"*", r"[0-9A-Za-z]+") + '$')
+                                    .replace(r"*", r"[0-9A-Za-z\-]+") + '$')
             for pattern in (set(common_name) | set(alt_names))]
 
         return any(

Modified: libcloud/trunk/libcloud/test/test_httplib_ssl.py
URL: http://svn.apache.org/viewvc/libcloud/trunk/libcloud/test/test_httplib_ssl.py?rev=1383122&r1=1383121&r2=1383122&view=diff
==============================================================================
--- libcloud/trunk/libcloud/test/test_httplib_ssl.py (original)
+++ libcloud/trunk/libcloud/test/test_httplib_ssl.py Mon Sep 10 21:53:40 2012
@@ -53,6 +53,14 @@ class TestHttpLibSSLTests(unittest.TestC
                      (('organizationalUnitName', 'SSL'),),
                      (('commonName', 'python.org'),))}
 
+        cert4 = {'notAfter': 'Feb 16 16:54:50 2013 GMT',
+         'subject': ((('countryName', 'US'),),
+                     (('stateOrProvinceName', 'Delaware'),),
+                     (('localityName', 'Wilmington'),),
+                     (('organizationName', 'Python Software Foundation'),),
+                     (('organizationalUnitName', 'SSL'),),
+                     (('commonName', '*.api.joyentcloud.com'),))}
+
         self.assertFalse(self.httplib_object._verify_hostname(
                          hostname='invalid', cert=cert1))
         self.assertFalse(self.httplib_object._verify_hostname(
@@ -88,6 +96,11 @@ class TestHttpLibSSLTests(unittest.TestC
         self.assertFalse(self.httplib_object._verify_hostname(
                         hostname='ython.org', cert=cert3))
 
+        self.assertTrue(self.httplib_object._verify_hostname(
+                        hostname='us-east-1.api.joyentcloud.com', cert=cert4))
+        self.assertTrue(self.httplib_object._verify_hostname(
+                        hostname='useast-1.api.joyentcloud.com', cert=cert4))
+
     def test_get_subject_alt_names(self):
         cert1 = {'notAfter': 'Feb 16 16:54:50 2013 GMT',
          'subject': ((('countryName', 'US'),),



Mime
View raw message