Log In
Log In
Places
All Projects
Status Monitor
Collapse sidebar
obs:server:fedora:2.6
osc
osc-0.141.0-support-tls-sni.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File osc-0.141.0-support-tls-sni.patch of Package osc
From e9ea0e71f1e37f845dc0ba9aa189de2aacf81d36 Mon Sep 17 00:00:00 2001 From: Oleg Girko <ol@infoserver.lv> Date: Sat, 26 Oct 2013 02:11:46 +0100 Subject: [PATCH] Add support for TLS SNI if M2Crypto supports it. Currently osc can't access API URLs which share the same IP address with other SSL-enabled sites, complaining about certificate not matching hostname. This change solves this problem by instructing M2Crypto.SSL.Connection to send the desired hostname to https server using TLS SNI extension, thus allowing the server to present the right certificate and choose the right virtual site. This is useful for those who can't afford to have a separate IP address for OBS API. For TLS SNI to work correctly, M2Crypto should be patched: https://bugzilla.osafoundation.org/show_bug.cgi?id=13073 For unpatched M2Crypto osc degrades to operation without TLS SNI. Signed-off-by: Oleg Girko <ol@infoserver.lv> --- osc/oscssl.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/osc/oscssl.py b/osc/oscssl.py index 72a0dde..2bf1358 100644 --- a/osc/oscssl.py +++ b/osc/oscssl.py @@ -250,7 +250,12 @@ class myHTTPSConnection(M2Crypto.httpslib.HTTPSConnection): M2Crypto.httpslib.HTTPSConnection.__init__(self, *args, **kwargs) def connect(self, *args): - M2Crypto.httpslib.HTTPSConnection.connect(self, *args) + self.sock = SSL.Connection(self.ssl_ctx) + if self.session: + self.sock.set_session(self.session) + if hasattr(self.sock, 'set_tlsext_host_name'): + self.sock.set_tlsext_host_name(self.host) + self.sock.connect((self.host, self.port)) verify_certificate(self) def getHost(self): -- 1.8.3.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Contact
Support
@OBShq
The Open Build Service is an
openSUSE project
.
Log In
Places
Places
All Projects
Status Monitor