diff --git a/.gitignore b/.gitignore index e69de29..ff9c95e 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/backports.ssl_match_hostname-3.2a3.tar.gz diff --git a/python-backports-ssl_match_hostname.spec b/python-backports-ssl_match_hostname.spec new file mode 100644 index 0000000..6effe6d --- /dev/null +++ b/python-backports-ssl_match_hostname.spec @@ -0,0 +1,58 @@ +%global module_name backports.ssl_match_hostname +%global alphatag a3 +%global fullversion %{version}%{alphatag} + +Name: python-backports-ssl_match_hostname +Version: 3.2 +Release: 0.2.%{alphatag}%{?dist} +Summary: The ssl.match_hostname() function from Python 3.2 + +# Webpages claim MIT but the code is cut-and-paste from Python source code +License: Python +URL: https://bitbucket.org/brandon/backports.ssl_match_hostname +Source0: http://pypi.python.org/packages/source/b/backports.ssl_match_hostname/backports.ssl_match_hostname-%{fullversion}.tar.gz +Patch0: ssl_match_hostname-issue12000.patch + +BuildArch: noarch +BuildRequires: python2-devel +BuildRequires: python-setuptools + +%description +The Secure Sockets layer is only actually secure if you check the hostname in +the certificate returned by the server to which you are connecting, and verify +that it matches to hostname that you are trying to reach. + +But the matching logic, defined in RFC2818, can be a bit tricky to implement on +your own. So the ssl package in the Standard Library of Python 3.2 now includes +a match_hostname() function for performing this check instead of requiring +every application to implement the check separately. + +This backport brings match_hostname() to users of earlier versions of Python. +The actual code inside comes verbatim from Python 3.2. + + +%prep +%setup -qn %{module_name}-%{fullversion} +%patch0 -p1 +mv src/backports/ssl_match_hostname/README.txt ./ + + +%build +python setup.py build + + +%install +python setup.py install -O1 --skip-build --root %{buildroot} + + +%files +%doc README.txt +%{python_sitelib}/* + + +%changelog +* Tue Feb 05 2013 Ian Weller - 3.2-0.2.a3 +- Fix Python issue 12000 + +* Fri Dec 07 2012 Ian Weller - 3.2-0.1.a3 +- Initial package build diff --git a/sources b/sources index e69de29..e4fd269 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +42adbd3c15d78eb6b7b7c654ec5c717c backports.ssl_match_hostname-3.2a3.tar.gz diff --git a/ssl_match_hostname-issue12000.patch b/ssl_match_hostname-issue12000.patch new file mode 100644 index 0000000..86c18c3 --- /dev/null +++ b/ssl_match_hostname-issue12000.patch @@ -0,0 +1,24 @@ +diff -up backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py.orig backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py +--- backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py.orig 2010-10-15 17:40:13.000000000 -0500 ++++ backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py 2013-02-05 17:24:13.706427017 -0600 +@@ -2,7 +2,7 @@ + + import re + +-__version__ = '3.2a3' ++__version__ = '3.2.2' + + class CertificateError(ValueError): + pass +@@ -37,8 +37,9 @@ def match_hostname(cert, hostname): + if _dnsname_to_pat(value).match(hostname): + return + dnsnames.append(value) +- if not san: +- # The subject is only checked when subjectAltName is empty ++ if not dnsnames: ++ # The subject is only checked when there is no dNSName entry ++ # in subjectAltName + for sub in cert.get('subject', ()): + for key, value in sub: + # XXX according to RFC 2818, the most specific Common Name