Description of problem:
After applying the patch suggested in issue 208 for httplib2, the hostname check fails if the DNS name is only one element. The patch suggested returns a string instead of an array and then the validation fails. Working without applying this patch (#208).

Version-Release number of selected component (if applicable):
python-httplib2

How reproducible:
100% reproducible while connecting to a server with a certificate with only one DNS entry

Steps to Reproduce:
1. Server with SSL configured with only one DNS entry as shown in results
2. Open httplib connection using SSL
3.

Actual results:
Authorization Failed: Unable to communicate with identity service: Server presented certificate that does not match host keystonessl.cern.ch: {'notAfter': 'Jun 7 06:45:20 2013 GMT', 'subjectAltName': (('DNS', 'keystonessl.cern.ch'),), 'subject': ((('domainComponent', u'ch'),), (('domainComponent', u'cern'),), (('organizationalUnitName', u'computers'),), (('commonName', u'keystonessl.cern.ch'),))}. (HTTP 400)

Expected results:
Authorization Succeed

Additional info:
@@ -942,11 +942,12 @@ class HTTPSConnectionWithTimeout(httplib list: A list of valid host globs. """ if 'subjectAltName' in cert: for x in cert['subjectAltName']: if x[0].lower() == 'dns': return x[1] <----- if only one element return a string return [x[0][1] for x in cert['subject'] if x[0][0].lower() == 'commonname']
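Review bot: `return x[1]` inside the subjectAltName loop hands back a bare string on the first DNS entry, while the docstring promises "A list of valid host globs" and the commonName fallback on the last line does return a list. A caller that iterates the result as a list walks the characters of the host name instead, and any further DNS entries in the certificate are never looked at. Suggest building the list in one pass, for example `return [x[1] for x in cert['subjectAltName'] if x[0].lower() == 'dns']`, so both branches return the same type.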
*** This bug has been marked as a duplicate of bug 832344 ***
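The failure described in the report, reproduced as an added example (not httplib2's own code). `hosts_patched` mirrors the hunk quoted above; `hosts_list` and the `matches` caller are hypothetical stand-ins written for this illustration, and the certificate dict is constructed from the one in the error message.

```python
import re

# Constructed certificate, shaped like the dict shown in the report's error.
CERT = {
    'subjectAltName': (('DNS', 'keystonessl.cern.ch'),),
    'subject': ((('commonName', 'keystonessl.cern.ch'),),),
}


def hosts_patched(cert):
    """Behaviour of the quoted hunk: the first DNS entry comes back as a str."""
    if 'subjectAltName' in cert:
        for x in cert['subjectAltName']:
            if x[0].lower() == 'dns':
                return x[1]
    return [x[0][1] for x in cert['subject'] if x[0][0].lower() == 'commonname']


def hosts_list(cert):
    """Same lookup, but every DNS entry is kept and the result is always a list."""
    if 'subjectAltName' in cert:
        dns = [x[1] for x in cert['subjectAltName'] if x[0].lower() == 'dns']
        if dns:
            return dns
    return [x[0][1] for x in cert['subject'] if x[0][0].lower() == 'commonname']


def matches(hosts, hostname):
    """Hypothetical caller: treat each element of hosts as a host glob."""
    for host in hosts:
        # Escape the glob, then let '*' stand for one DNS label.
        pattern = re.escape(host).replace(r'\*', '[^.]*')
        if re.fullmatch(pattern, hostname, re.I):
            return True
    return False


if __name__ == '__main__':
    name = 'keystonessl.cern.ch'
    # With a str, the loop in matches() sees 'k', 'e', 'y', ... one at a time.
    print('patched:', repr(hosts_patched(CERT)), matches(hosts_patched(CERT), name))
    print('list   :', repr(hosts_list(CERT)), matches(hosts_list(CERT), name))
```
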