File ssl_unbundle.patch of Package python-ldap3
diff --git a/ldap3/core/tls.py b/ldap3/core/tls.py
index 1db9205..5acdb2a 100644
--- a/ldap3/core/tls.py
+++ b/ldap3/core/tls.py
@@ -38,8 +38,7 @@ except ImportError:
 try:
 from ssl import match_hostname, CertificateError # backport for python2 missing ssl functionalities
 except ImportError:
- from ..utils.tls_backport import CertificateError
- from ..utils.tls_backport import match_hostname
+ from backports.ssl_match_hostname import match_hostname, CertificateError
 if log_enabled(BASIC):
 log(BASIC, 'using tls_backport')
diff --git a/ldap3/utils/tls_backport.py b/ldap3/utils/tls_backport.py
deleted file mode 100644
index f142054..0000000
--- a/ldap3/utils/tls_backport.py
+++ /dev/null
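Review bot: The context line `log(BASIC, 'using tls_backport')` under the new import in ldap3/core/tls.py is now stale, because this same patch deletes ldap3/utils/tls_backport.py and the fallback comes from the external `backports.ssl_match_hostname` package. That message is what tells an operator which hostname-verification code is in effect for LDAPS, so it should name the real source, e.g. `log(BASIC, 'using backports.ssl_match_hostname')`. As far as the hunk shows, the new import has no ImportError handler of its own, so a missing backport makes the module fail at import rather than run without hostname checking. A short comment would record that this is intended, such as `# no further fallback: fail at import rather than skip hostname verification`. The enclosing try/except starts above the hunk.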
@@ -1,133 +0,0 @@
-"""
-"""
-
-# Created on 2014.10.05
-#
-# Author: Giovanni Cannata
-#
-# Copyright 2015 Giovanni Cannata
-#
-# This file is part of ldap3.
-#
-# ldap3 is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published
-# by the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# ldap3 is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with ldap3 in the COPYING and COPYING.LESSER files.
-# If not, see <http://www.gnu.org/licenses/>.
-import re
-from ..utils.log import log, log_enabled, NETWORK
-
-try:
- from backports.ssl_match_hostname import match_hostname, CertificateError
-except ImportError:
- class CertificateError(ValueError): # fix for Python 2, code from Python 3.5 standard library
- pass
-
-
- def _dnsname_match(dn, hostname, max_wildcards=1):
- """Backported from Python 3.4.3 standard library
-
- Matching according to RFC 6125, section 6.4.3
-
- http://tools.ietf.org/html/rfc6125#section-6.4.3
- """
- if log_enabled(NETWORK):
- log(NETWORK, "matching dn %s with hostname %s", dn, hostname)
- pats = []
- if not dn:
- return False
-
- pieces = dn.split(r'.')
- leftmost = pieces[0]
- remainder = pieces[1:]
-
- wildcards = leftmost.count('*')
- if wildcards > max_wildcards:
- # Issue #17980: avoid denials of service by refusing more
- # than one wildcard per fragment. A survey of established
- # policy among SSL implementations showed it to be a
- # reasonable choice.
- raise CertificateError(
- "too many wildcards in certificate DNS name: " + repr(dn))
-
- # speed up common case w/o wildcards
- if not wildcards:
- return dn.lower() == hostname.lower()
-
- # RFC 6125, section 6.4.3, subitem 1.
- # The client SHOULD NOT attempt to match a presented identifier in which
- # the wildcard character comprises a label other than the left-most label.
- if leftmost == '*':
- # When '*' is a fragment by itself, it matches a non-empty dotless
- # fragment.
- pats.append('[^.]+')
- elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
- # RFC 6125, section 6.4.3, subitem 3.
- # The client SHOULD NOT attempt to match a presented identifier
- # where the wildcard character is embedded within an A-label or
- # U-label of an internationalized domain name.
- pats.append(re.escape(leftmost))
- else:
- # Otherwise, '*' matches any dotless string, e.g. www*
- pats.append(re.escape(leftmost).replace(r'\*', '[^.]*'))
-
- # add the remaining fragments, ignore any wildcards
- for frag in remainder:
- pats.append(re.escape(frag))
-
- pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
- return pat.match(hostname)
-
-
- def match_hostname(cert, hostname):
- """Backported from Python 3.4.3 standard library.
-
- Verify that *cert* (in decoded format as returned by
- SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
- rules are followed, but IP addresses are not accepted for *hostname*.
-
- CertificateError is raised on failure. On success, the function
- returns nothing.
- """
-
- if not cert:
- raise ValueError("empty or no certificate, match_hostname needs a "
- "SSL socket or SSL context with either "
- "CERT_OPTIONAL or CERT_REQUIRED")
- dnsnames = []
- san = cert.get('subjectAltName', ())
- for key, value in san:
- if key == 'DNS':
- if _dnsname_match(value, hostname):
- return
- dnsnames.append(value)
- if not dnsnames:
- # The subject is only checked when there is no dNSName entry
- # in subjectAltName
- for sub in cert.get('subject', ()):
- for key, value in sub:
- # XXX according to RFC 2818, the most specific Common Name
- # must be used.
- if key == 'commonName':
- if _dnsname_match(value, hostname):
- return
- dnsnames.append(value)
- if len(dnsnames) > 1:
- raise CertificateError("hostname %r "
- "doesn't match either of %s"
- % (hostname, ', '.join(map(repr, dnsnames))))
- elif len(dnsnames) == 1:
- raise CertificateError("hostname %r "
- "doesn't match %r"
- % (hostname, dnsnames[0]))
- else:
- raise CertificateError("no appropriate commonName or "
- "subjectAltName fields were found")
diff --git a/setup.py b/setup.py
index 9236e99..2ceecfa 100644
--- a/setup.py
+++ b/setup.py
@@ -20,6 +20,8 @@
 # along with ldap3 in the COPYING and COPYING.LESSER files.
 # If not, see <http://www.gnu.org/licenses/>.
+import sys
+
 from setuptools import setup
 from json import load
@@ -36,6 +38,10 @@ status = str(version_dict['status'])
 long_description = str(open('README.rst').read())
+install_requires=[i.strip() for i in open('requirements.txt').readlines()]
+if sys.version_info < (2, 7, 9):
+ install_requires.append('backports.ssl_match_host_name')
+
 setup(name=package_name,
 version=version,
 packages=['ldap3',
@@ -53,7 +59,7 @@ setup(name=package_name,
 'ldap3.extend.microsoft',
 'ldap3.extend.standard'],
 package_dir={'': package_folder},
- install_requires=[i.strip() for i in open('requirements.txt').readlines()],
+ install_requires=install_requires,
 license=license,
 author=author,
 author_email=email,
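Review bot: In the second setup.py hunk the appended requirement is spelled `backports.ssl_match_host_name`, which does not match the module that ldap3/core/tls.py now imports (`backports.ssl_match_hostname`). An installer treats the misspelling as a different project name, so on interpreters older than 2.7.9 the install either fails or pulls in an unrelated distribution while the real backport stays missing. The line should read `install_requires.append('backports.ssl_match_hostname')`. The version test also runs only when setup.py executes, so a wheel built on a newer interpreter would presumably not record the requirement; an environment marker on the requirement string would carry the condition in the package metadata instead.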