Bug 1379594
| Summary: | python-docker-py 1.9.0 can't match hostnames based on ip address in subjectAlthostname | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Tomas Tomecek <ttomecek> |
| Component: | python-docker-py | Assignee: | Tomas Tomecek <ttomecek> |
| Status: | CLOSED WONTFIX | QA Contact: | atomic-bugs <atomic-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 7.4 | CC: | atomic-bugs, carl, python-maint, torsava, ttomecek |
| Target Milestone: | rc | Keywords: | Extras |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-01-29 12:35:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Tomas Tomecek
2016-09-27 08:01:37 UTC
python-backports-ssl_match_hostname is obsolete now anyways. The code from that module was backported into Python 2.7.9 upstream, and subsequently backported into RHEL7's 2.7.5-34.el7 (see https://github.com/centos-rpms/python/commit/f63228654ecef84a78c552dac832f4cd939cf584).

Very interesting info! Thanks Carl. Unfortunately it doesn't help, because setuptools is pulling 'python-backports-ssl_match_hostname-3.4.0.2-4.el7', even though I have 'python-2.7.5-48.el7.x86_64':

```
$ py.test -v ./tests/unit/ssladapter_test.py
...
tests/unit/ssladapter_test.py::MatchHostnameTest::test_match_ip_address_success FAILED
...
E CertificateError: hostname '127.0.0.1' doesn't match either of u'localhost', u'*.gensokyo.jp'
```

Let's ask python-maint team.

It seems this issue has been fixed in upstream.

```
[root@dell-per630-02 docker-py]# rpm -q python-backports-ssl_match_hostname python
python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch
python-2.7.5-48.el7.x86_64
[root@dell-per630-02 docker-py]# git rev-parse HEAD
239673a51c16715e401f02c9912b6a1a8619188b
[root@dell-per630-02 docker-py]# py.test -v ./tests/unit/ssladapter_test.py
=============================================================================================== test session starts ===============================================================================================
platform linux2 -- Python 2.7.5, pytest-3.0.4, py-1.4.31, pluggy-0.4.0 -- /usr/bin/python
cachedir: .cache
rootdir: /home/ajia/Projects/docker-py, inifile: pytest.ini
plugins: cov-2.4.0
collected 6 items

tests/unit/ssladapter_test.py::SSLAdapterTest::test_only_uses_tls PASSED
tests/unit/ssladapter_test.py::MatchHostnameTest::test_match_dns_failure PASSED
tests/unit/ssladapter_test.py::MatchHostnameTest::test_match_dns_success PASSED
tests/unit/ssladapter_test.py::MatchHostnameTest::test_match_ip_address_failure PASSED
tests/unit/ssladapter_test.py::MatchHostnameTest::test_match_ip_address_success PASSED
tests/unit/ssladapter_test.py::MatchHostnameTest::test_match_localhost_success PASSED

============================================================================================ 6 passed in 0.09 seconds =============================================================================================
```

It was not backported in RHEL7's python 2.7.5-34, and I can't find that it was backported at all.

It looks like my last comment was a bit short-sighted. The match_hostname function from Python 3.4's ssl module absolutely was backported, but that didn't yet contain the ability to accept IP addresses as hostnames. That is why the test works with backports.ssl_match_hostname 3.5.0.1.

https://bitbucket.org/brandon/backports.ssl_match_hostname/commits/a8ef5d6

Since the solution to this bug lies outside of python-docker-py, I am going to close. Please reopen anybody if you run into this.
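The difference discussed in this thread, as an added example that is not code from docker-py, backports.ssl_match_hostname or any comment above: two simplified matchers over a constructed certificate dict in the shape returned by `SSLSocket.getpeercert()`. The `IP Address` entry and all function names are assumptions; the DNS names are taken from the error message in the thread.

```python
import ipaddress

class CertificateError(ValueError):
    pass

# Constructed certificate; the "IP Address" SAN entry is an assumption.
CERT = {"subjectAltName": (("DNS", "localhost"),
                           ("DNS", "*.gensokyo.jp"),
                           ("IP Address", "127.0.0.1"))}

def _dns_match(pattern, hostname):
    """Simplified name match: a wildcard may only be the whole leftmost label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def match_dns_only(cert, hostname):
    """Matcher that only looks at DNS entries, so an IP literal never matches."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_dns_match(n, hostname) for n in names):
        raise CertificateError("hostname %r doesn't match either of %s"
                               % (hostname, ", ".join(map(repr, names))))

def match_with_ip(cert, hostname):
    """Matcher that also checks IP Address entries.

    An IP literal is compared only against IP Address entries and a DNS name
    only against DNS entries, so neither kind can satisfy the other.
    """
    try:
        host_ip = ipaddress.ip_address(hostname)
    except ValueError:
        host_ip = None  # not an IP literal, treat as a DNS name
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS" and host_ip is None and _dns_match(value, hostname):
            return
        if kind == "IP Address" and host_ip is not None \
                and ipaddress.ip_address(value) == host_ip:
            return
    raise CertificateError("hostname %r doesn't match the certificate" % hostname)

def accepts(matcher, hostname, cert=CERT):
    """Return True if the matcher accepts hostname for cert, False otherwise."""
    try:
        matcher(cert, hostname)
        return True
    except CertificateError:
        return False
```

To check which behaviour an installed environment has, run the same kind of comparison against the `match_hostname` that the TLS adapter actually imports, since a packaged backport can shadow the interpreter's own implementation.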