Repository: thrift Updated Branches: refs/heads/master 4626fd889 -> e8ba7877b
THRIFT-4026 TSSLSocket doesn't work with Python < 2.7.9 This closes #1166 Project: http://git-wip-us.apache.org/repos/asf/thrift/repo Commit: http://git-wip-us.apache.org/repos/asf/thrift/commit/e8ba7877 Tree: http://git-wip-us.apache.org/repos/asf/thrift/tree/e8ba7877 Diff: http://git-wip-us.apache.org/repos/asf/thrift/diff/e8ba7877 Branch: refs/heads/master Commit: e8ba7877baec6f9871a88db8d3885361a2260ab2 Parents: 4626fd8 Author: Nobuaki Sukegawa <[email protected]> Authored: Sun Feb 12 21:14:48 2017 +0900 Committer: Nobuaki Sukegawa <[email protected]> Committed: Sun Feb 12 21:14:48 2017 +0900 ---------------------------------------------------------------------- build/docker/centos6/Dockerfile | 4 +++- lib/py/src/transport/sslcompat.py | 6 +++--- lib/py/test/test_sslsocket.py | 5 ++++- 3 files changed, 10 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/thrift/blob/e8ba7877/build/docker/centos6/Dockerfile ---------------------------------------------------------------------- diff --git a/build/docker/centos6/Dockerfile b/build/docker/centos6/Dockerfile index aa19731..5567ab7 100644 --- a/build/docker/centos6/Dockerfile +++ b/build/docker/centos6/Dockerfile @@ -41,7 +41,9 @@ RUN yum install -y epel-release && \ && yum clean all # optional dependencies -RUN pip install ipaddress backports.ssl_match_hostname tornado +# skipping ipaddress and backports.ssl_match_hostname to test legacy callback +# RUN pip install ipaddress backports.ssl_match_hostname tornado +RUN pip install tornado # CMake RUN curl -sSL https://cmake.org/files/v3.4/cmake-3.4.1.tar.gz | tar -xz && \ http://git-wip-us.apache.org/repos/asf/thrift/blob/e8ba7877/lib/py/src/transport/sslcompat.py ---------------------------------------------------------------------- diff --git a/lib/py/src/transport/sslcompat.py b/lib/py/src/transport/sslcompat.py index 7bf5e06..8ad4ce4 100644 --- a/lib/py/src/transport/sslcompat.py +++ b/lib/py/src/transport/sslcompat.py @@ -25,7 +25,7 @@ from thrift.transport.TTransport import TTransportException logger = logging.getLogger(__name__) -def legacy_validate_callback(self, cert, hostname): +def legacy_validate_callback(cert, hostname): """legacy method to validate the peer's SSL certificate, and to check the commonName of the certificate to ensure it matches the hostname we used to make this connection. Does not support subjectAltName records @@ -36,7 +36,7 @@ def legacy_validate_callback(self, cert, hostname): if 'subject' not in cert: raise TTransportException( TTransportException.NOT_OPEN, - 'No SSL certificate found from %s:%s' % (self.host, self.port)) + 'No SSL certificate found from %s' % hostname) fields = cert['subject'] for field in fields: # ensure structure we get back is what we expect @@ -57,7 +57,7 @@ def legacy_validate_callback(self, cert, hostname): raise TTransportException( TTransportException.UNKNOWN, 'Hostname we connected to "%s" doesn\'t match certificate ' - 'provided commonName "%s"' % (self.host, certhost)) + 'provided commonName "%s"' % (hostname, certhost)) raise TTransportException( TTransportException.UNKNOWN, 'Could not validate SSL certificate from host "%s". Cert=%s' http://git-wip-us.apache.org/repos/asf/thrift/blob/e8ba7877/lib/py/test/test_sslsocket.py ---------------------------------------------------------------------- diff --git a/lib/py/test/test_sslsocket.py b/lib/py/test/test_sslsocket.py index 3e4b266..8951618 100644 --- a/lib/py/test/test_sslsocket.py +++ b/lib/py/test/test_sslsocket.py @@ -237,6 +237,9 @@ class TSSLSocketTest(unittest.TestCase): self._assert_connection_success(server, cert_reqs=ssl.CERT_REQUIRED, ca_certs=SERVER_CERT) def test_client_cert(self): + if not _match_has_ipaddress: + print('skipping test_client_cert') + return server = self._server_socket( cert_reqs=ssl.CERT_REQUIRED, keyfile=SERVER_KEY, certfile=SERVER_CERT, ca_certs=CLIENT_CERT) @@ -333,7 +336,7 @@ class TSSLSocketTest(unittest.TestCase): if __name__ == '__main__': logging.basicConfig(level=logging.WARN) - from thrift.transport.TSSLSocket import TSSLSocket, TSSLServerSocket + from thrift.transport.TSSLSocket import TSSLSocket, TSSLServerSocket, _match_has_ipaddress from thrift.transport.TTransport import TTransportException unittest.main()
