New submission from Alexander Todorov:

The latest ssl.py file tries to validate hostnames vs certificates but includes a faulty regexp which causes any wildcard domains (e.g. *.s3.amazonaws.com) to fail validation.

Steps to Reproduce:

    >>> import ssl
    >>> ssl._dnsname_match("*.s3.amazonaws.com", "planet.sofiavalley.com.s3.amazonaws.com")
    >>>

From Python's documentation:

    []
        Used to indicate a set of characters. In a set:
        ...
        Special characters lose their special meaning inside sets. For example, [(+*)] will match any of the literal characters '(', '+', '*', or ')'.
    ^^^^^^^^^ this is the cause of the error

I found this after an upgrade to RHEL 7.2, which contains the faulty code, broke s3cmd for me. The result - one of my sites was outdated for a couple of days.

For more info and proposed patch see:
https://bugzilla.redhat.com/show_bug.cgi?id=1284916
https://bugzilla.redhat.com/show_bug.cgi?id=1284930

Note: As far as I can tell this affects upstream Python 2.7.10 and 3.5.0, however in the packages Red Hat distributes the code is different between 2 and 3 while upstream is more consistent.

----------
messages: 255265
nosy: Alexander Todorov
priority: normal
severity: normal
status: open
title: Lib/ssl.py breaks certificate validation for wildcard domains, e.g. *.s3.amazonaws.com
versions: Python 2.7, Python 3.5

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25722>
_______________________________________
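
Added example, not part of the original report and not the code from Lib/ssl.py: a stand-alone matcher that applies the single-label wildcard rule of RFC 6125 section 6.4.3 to the hostname from the report and to a constructed bucket name without dots. The function names are hypothetical; `labels_under_wildcard` reports how many labels the `*` would have to cover, which is the quantity to check when a wildcard certificate is rejected.

```python
import re

def wildcard_to_regex(dn):
    """Compile a certificate dNSName into an anchored, case-insensitive regex.

    Assumption of this example: '*' is honoured only in the left-most label
    and never matches a dot (RFC 6125 section 6.4.3).
    """
    leftmost, *remainder = dn.split(".")
    if leftmost.count("*") > 1:
        raise ValueError("too many wildcards in %r" % dn)
    if leftmost == "*":
        first = "[^.]+"  # inside a set '.' is literal; '^' negates the set
    else:
        first = re.escape(leftmost).replace(r"\*", "[^.]*")
    parts = [first] + [re.escape(label) for label in remainder]
    return re.compile(r"\A" + r"\.".join(parts) + r"\Z", re.IGNORECASE)

def dnsname_match(dn, hostname):
    """True if hostname matches dn under the single-label wildcard rule."""
    return wildcard_to_regex(dn).match(hostname) is not None

def labels_under_wildcard(dn, hostname):
    """Labels the left-most label of dn would have to cover in hostname.

    Returns None when the fixed part of dn is not a suffix of hostname.
    """
    _, _, fixed = dn.lower().partition(".")
    suffix = "." + fixed
    host = hostname.lower()
    if not host.endswith(suffix):
        return None
    return host[: -len(suffix)].count(".") + 1

if __name__ == "__main__":
    pattern = "*.s3.amazonaws.com"
    hosts = [
        "planet.sofiavalley.com.s3.amazonaws.com",  # hostname from the report
        "example-bucket.s3.amazonaws.com",          # constructed sample
    ]
    for host in hosts:
        print(host, dnsname_match(pattern, host), labels_under_wildcard(pattern, host))
```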