El 11 ene. 2019 14:10, Felipe Sateler <fsate...@debian.org> escribió:
On Tue, Oct 2, 2018 at 4:22 PM Felipe Sateler <fsate...@debian.org<mailto:fsate...@debian.org>> wrote: Hi Matthias, Ivo, On Sun, 30 Sep 2018 22:59:26 +0200 Ivo De Decker <iv...@debian.org<mailto:iv...@debian.org>> wrote: > clone 869896 -1 > retitle -1 remove unneeded dependency on backports.ssl-match-hostname > block 869896 by -1 > clone -1 -2 -3 -4 -5 > reassign -1 libcloud > reassign -2 python-docker > reassign -3 websocket-client > reassign -4 docker-compose > reassign -5 sagemath > thanks Turns out the version of match_hostname in py2 does not accept ip addresses: py2: ssl.match_hostname = match_hostname(cert, hostname) Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. py3 ssl.match_hostname = match_hostname(cert, hostname) Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed. The function matches IP addresses rather than dNSNames if hostname is a valid ipaddress string. IPv4 addresses are supported on all platforms. IPv6 addresses are supported on platforms with IPv6 support (AF_INET6 and inet_pton). CertificateError is raised on failure. On success, the function returns nothing. So, if python2 backport of match_hostname does not match behavior of python3.5, I cannot drop the dependency. I have reverted the change and reopened this bug. I urge you to reconsider if the py2 version really needs to be dropped. -- Saludos, Felipe Sateler
