File ssl_unbundle.patch of Package python-ldap3

Overview Repositories Revisions Requests Users Attributes Meta

File ssl_unbundle.patch of Package python-ldap3

diff --git a/ldap3/core/tls.py b/ldap3/core/tls.py
index 1db9205..5acdb2a 100644
--- a/ldap3/core/tls.py
+++ b/ldap3/core/tls.py
@@ -38,8 +38,7 @@ except ImportError:
 try:
     from ssl import match_hostname, CertificateError  # backport for python2 missing ssl functionalities
 except ImportError:
-    from ..utils.tls_backport import CertificateError
-    from ..utils.tls_backport import match_hostname
+    from backports.ssl_match_hostname import match_hostname, CertificateError
     if log_enabled(BASIC):
         log(BASIC, 'using tls_backport')
 
diff --git a/ldap3/utils/tls_backport.py b/ldap3/utils/tls_backport.py
deleted file mode 100644
index f142054..0000000
--- a/ldap3/utils/tls_backport.py
+++ /dev/null
@@ -1,133 +0,0 @@
-"""
-"""
-
-# Created on 2014.10.05
-#
-# Author: Giovanni Cannata
-#
-# Copyright 2015 Giovanni Cannata
-#
-# This file is part of ldap3.
-#
-# ldap3 is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published
-# by the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# ldap3 is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with ldap3 in the COPYING and COPYING.LESSER files.
-# If not, see <http://www.gnu.org/licenses/>.
-import re
-from ..utils.log import log, log_enabled, NETWORK
-
-try:
-    from backports.ssl_match_hostname import match_hostname, CertificateError
-except ImportError:
-    class CertificateError(ValueError):  # fix for Python 2, code from Python 3.5 standard library
-        pass
-
-
-    def _dnsname_match(dn, hostname, max_wildcards=1):
-        """Backported from Python 3.4.3 standard library
-
-        Matching according to RFC 6125, section 6.4.3
-
-        http://tools.ietf.org/html/rfc6125#section-6.4.3
-        """
-        if log_enabled(NETWORK):
-            log(NETWORK, "matching dn %s with hostname %s", dn, hostname)
-        pats = []
-        if not dn:
-            return False
-
-        pieces = dn.split(r'.')
-        leftmost = pieces[0]
-        remainder = pieces[1:]
-
-        wildcards = leftmost.count('*')
-        if wildcards > max_wildcards:
-            # Issue #17980: avoid denials of service by refusing more
-            # than one wildcard per fragment.  A survey of established
-            # policy among SSL implementations showed it to be a
-            # reasonable choice.
-            raise CertificateError(
-                "too many wildcards in certificate DNS name: " + repr(dn))
-
-        # speed up common case w/o wildcards
-        if not wildcards:
-            return dn.lower() == hostname.lower()
-
-        # RFC 6125, section 6.4.3, subitem 1.
-        # The client SHOULD NOT attempt to match a presented identifier in which
-        # the wildcard character comprises a label other than the left-most label.
-        if leftmost == '*':
-            # When '*' is a fragment by itself, it matches a non-empty dotless
-            # fragment.
-            pats.append('[^.]+')
-        elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
-            # RFC 6125, section 6.4.3, subitem 3.
-            # The client SHOULD NOT attempt to match a presented identifier
-            # where the wildcard character is embedded within an A-label or
-            # U-label of an internationalized domain name.
-            pats.append(re.escape(leftmost))
-        else:
-            # Otherwise, '*' matches any dotless string, e.g. www*
-            pats.append(re.escape(leftmost).replace(r'\*', '[^.]*'))
-
-        # add the remaining fragments, ignore any wildcards
-        for frag in remainder:
-            pats.append(re.escape(frag))
-
-        pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
-        return pat.match(hostname)
-
-
-    def match_hostname(cert, hostname):
-        """Backported from Python 3.4.3 standard library.
-
-        Verify that *cert* (in decoded format as returned by
-        SSLSocket.getpeercert()) matches the *hostname*.  RFC 2818 and RFC 6125
-        rules are followed, but IP addresses are not accepted for *hostname*.
-
-        CertificateError is raised on failure. On success, the function
-        returns nothing.
-        """
-
-        if not cert:
-            raise ValueError("empty or no certificate, match_hostname needs a "
-                             "SSL socket or SSL context with either "
-                             "CERT_OPTIONAL or CERT_REQUIRED")
-        dnsnames = []
-        san = cert.get('subjectAltName', ())
-        for key, value in san:
-            if key == 'DNS':
-                if _dnsname_match(value, hostname):
-                    return
-                dnsnames.append(value)
-        if not dnsnames:
-            # The subject is only checked when there is no dNSName entry
-            # in subjectAltName
-            for sub in cert.get('subject', ()):
-                for key, value in sub:
-                    # XXX according to RFC 2818, the most specific Common Name
-                    # must be used.
-                    if key == 'commonName':
-                        if _dnsname_match(value, hostname):
-                            return
-                        dnsnames.append(value)
-        if len(dnsnames) > 1:
-            raise CertificateError("hostname %r "
-                                   "doesn't match either of %s"
-                                   % (hostname, ', '.join(map(repr, dnsnames))))
-        elif len(dnsnames) == 1:
-            raise CertificateError("hostname %r "
-                                   "doesn't match %r"
-                                   % (hostname, dnsnames[0]))
-        else:
-            raise CertificateError("no appropriate commonName or "
-                                   "subjectAltName fields were found")
diff --git a/setup.py b/setup.py
index 9236e99..2ceecfa 100644
--- a/setup.py
+++ b/setup.py
@@ -20,6 +20,8 @@
 # along with ldap3 in the COPYING and COPYING.LESSER files.
 # If not, see <http://www.gnu.org/licenses/>.
 
+import sys
+
 from setuptools import setup
 from json import load
 
@@ -36,6 +38,10 @@ status = str(version_dict['status'])
 
 long_description = str(open('README.rst').read())
 
+install_requires=[i.strip() for i in open('requirements.txt').readlines()]
+if sys.version_info < (2, 7, 9):
+    install_requires.append('backports.ssl_match_host_name')
+
 setup(name=package_name,
       version=version,
       packages=['ldap3',
@@ -53,7 +59,7 @@ setup(name=package_name,
                 'ldap3.extend.microsoft',
                 'ldap3.extend.standard'],
       package_dir={'': package_folder},
-      install_requires=[i.strip() for i in open('requirements.txt').readlines()],
+      install_requires=install_requires,
       license=license,
       author=author,
       author_email=email,

Places

File ssl_unbundle.patch of Package python-ldap3

Places