On Tue, Oct 2, 2018 at 4:22 PM Felipe Sateler <fsate...@debian.org> wrote:
> Hi Matthias, Ivo, > > On Sun, 30 Sep 2018 22:59:26 +0200 Ivo De Decker <iv...@debian.org> wrote: > > clone 869896 -1 > > retitle -1 remove unneeded dependency on backports.ssl-match-hostname > > block 869896 by -1 > > clone -1 -2 -3 -4 -5 > > reassign -1 libcloud > > reassign -2 python-docker > > reassign -3 websocket-client > > reassign -4 docker-compose > > reassign -5 sagemath > > thanks > Turns out the version of match_hostname in py2 does not accept ip addresses: py2: ssl.match_hostname = match_hostname(cert, hostname) Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. py3 ssl.match_hostname = match_hostname(cert, hostname) Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed. The function matches IP addresses rather than dNSNames if hostname is a valid ipaddress string. IPv4 addresses are supported on all platforms. IPv6 addresses are supported on platforms with IPv6 support (AF_INET6 and inet_pton). CertificateError is raised on failure. On success, the function returns nothing. So, if python2 backport of match_hostname does not match behavior of python3.5, I cannot drop the dependency. I have reverted the change and reopened this bug. I urge you to reconsider if the py2 version really needs to be dropped. -- Saludos, Felipe Sateler