El 11 ene. 2019 14:10, Felipe Sateler escribió:
On Tue, Oct 2, 2018 at 4:22 PM Felipe Sateler
mailto:fsate...@debian.org>> wrote:
Hi Matthias, Ivo,
On Sun, 30 Sep 2018 22:59:26 +0200 Ivo De Decker
mailto:iv...@debian.org>> wrote:
> clone 869896 -1
> retitle -1 remove unneeded dependency on backports.ssl-match-hostname
> block 869896 by -1
> clone -1 -2 -3 -4 -5
> reassign -1 libcloud
> reassign -2 python-docker
> reassign -3 websocket-client
> reassign -4 docker-compose
> reassign -5 sagemath
> thanks
Turns out the version of match_hostname in py2 does not accept ip addresses:
py2:
ssl.match_hostname = match_hostname(cert, hostname)
Verify that *cert* (in decoded format as returned by
SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
rules are followed, but IP addresses are not accepted for *hostname*.
CertificateError is raised on failure. On success, the function
returns nothing.
py3
ssl.match_hostname = match_hostname(cert, hostname)
Verify that *cert* (in decoded format as returned by
SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
rules are followed.
The function matches IP addresses rather than dNSNames if hostname is a
valid ipaddress string. IPv4 addresses are supported on all platforms.
IPv6 addresses are supported on platforms with IPv6 support (AF_INET6
and inet_pton).
CertificateError is raised on failure. On success, the function
returns nothing.
So, if python2 backport of match_hostname does not match behavior of python3.5,
I cannot drop the dependency. I have reverted the change and reopened this bug.
I urge you to reconsider if the py2 version really needs to be dropped.
--
Saludos,
Felipe Sateler