diff --git a/pywbem-20131121-ssl_verify_host.patch b/pywbem-20131121-ssl_verify_host.patch index 5ed1664..985eb9e 100644 --- a/pywbem-20131121-ssl_verify_host.patch +++ b/pywbem-20131121-ssl_verify_host.patch @@ -38,7 +38,7 @@ Index: pywbem-20131121/cim_http.py """Send XML data over HTTP to the specified url. Return the response in XML. Uses Python's build-in httplib. x509 may be a dictionary containing the location of the SSL certificate and key -@@ -105,10 +124,35 @@ def wbem_request(url, data, creds, heade +@@ -105,10 +124,47 @@ def wbem_request(url, data, creds, heade class HTTPSConnection(HTTPBaseConnection, httplib.HTTPSConnection): def __init__(self, host, port=None, key_file=None, cert_file=None, @@ -52,7 +52,7 @@ Index: pywbem-20131121/cim_http.py + + def connect(self): + "Connect to a host on a given (SSL) port." -+ sock = socket.create_connection((self.host, self.port), ++ self.sock = socket.create_connection((self.host, self.port), + self.timeout, self.source_address) + if self._tunnel_host: + self.sock = sock @@ -68,15 +68,27 @@ Index: pywbem-20131121/cim_http.py + else: + ctx.load_verify_locations(cafile=self.ca_certs) + try: -+ self.sock = SSL.Connection(ctx) -+ self.sock.connect((self.host, self.port)) ++ self.sock = SSL.Connection(ctx, self.sock) ++ # Below is a body of SSL.Connection.connect() method ++ # except for the first line (socket connection). We want to preserve ++ # tunneling ability. ++ self.sock.addr = (self.host, self.port) ++ self.sock.setup_ssl() ++ self.sock.set_connect_state() ++ ret = self.sock.connect_ssl() ++ check = getattr(self.sock, 'postConnectionCheck', ++ self.sock.clientPostConnectionCheck) ++ if check is not None: ++ if not check(self.sock.get_peer_cert(), self.host): ++ raise Error('SSL error: post connection check failed') ++ return ret + except (Err.SSLError, SSL.SSLError, SSL.SSLTimeoutError), arg: + raise Error("SSL error: %s" % arg) + class FileHTTPConnection(HTTPBaseConnection, httplib.HTTPConnection): def __init__(self, uds_path): httplib.HTTPConnection.__init__(self, 'localhost') -@@ -117,53 +161,14 @@ def wbem_request(url, data, creds, heade +@@ -117,64 +173,36 @@ def wbem_request(url, data, creds, heade self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) self.sock.connect(self.uds_path) @@ -134,8 +146,10 @@ Index: pywbem-20131121/cim_http.py numTries = 0 localAuthHeader = None -@@ -171,10 +176,19 @@ def wbem_request(url, data, creds, heade + tryLimit = 5 ++ if isinstance(data, unicode): ++ data = data.encode('utf-8') data = '\n' + data + if not no_verification and ca_certs is None: @@ -157,6 +171,15 @@ Index: pywbem-20131121/cim_http.py else: if url.startswith('http'): h = HTTPConnection(host, port = port) +@@ -216,6 +244,8 @@ def wbem_request(url, data, creds, heade + h.putheader('PegasusAuthorization', 'Local "%s"' % locallogin) + + for hdr in headers: ++ if isinstance(hdr, unicode): ++ hdr = hdr.encode('utf-8') + s = map(lambda x: string.strip(x), string.split(hdr, ":", 1)) + h.putheader(urllib.quote(s[0]), urllib.quote(s[1])) + Index: pywbem-20131121/cim_operations.py =================================================================== --- pywbem-20131121.orig/cim_operations.py diff --git a/pywbem.spec b/pywbem.spec index 9e2d7cd..d2fc22c 100644 --- a/pywbem.spec +++ b/pywbem.spec @@ -4,7 +4,7 @@ Name: pywbem Version: 0.7.0 -Release: 21.%{revdate}svn%{svnrev}%{?dist} +Release: 22.%{revdate}svn%{svnrev}%{?dist} Summary: Python WBEM Client and Provider Interface Group: Development/Libraries License: LGPLv2 @@ -84,6 +84,9 @@ rm -rf %{buildroot} %{python_sitelib}/pywbem/twisted_client.py* %changelog +* Fri Dec 27 2013 Michal Minar 0.7.0-22.20131121svn656 +- Work around M2Crypto's inability to handle unicode strings. + * Wed Dec 18 2013 Michal Minar 0.7.0-21.20131121svn656 - Adjusted default certificates paths searched for cert validation.