Public bug reported:

[Impact]

 * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname
SSL context option must be set when establishing the connection,
otherwise, validation of SNI certificates fail and thus resulting in
lack of connectivity.

[Test Case]

 * use python-httplib2 to connect to an SNI tls protected host

[Regression Potential]

 * change is compatible with pythons/openssl versions shipped in bionic-release
 * change is from upstream / tested in debian & disco
 * change improves security, and is compatible with deployed servers out there
 * hosts with certificates not matching their actual hostname will remain 
invalid/untrusted

[Additional info]
To install python & openssl 1.1.1 on Bionic you may enable and use the below 
silo, which will then exhibit the enforcement of SNI hostname verification.

sudo add-apt-repository ppa:ci-train-ppa-service/3473
sudo apt-get update

** Affects: python-httplib2 (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: python-httplib2 (Ubuntu Bionic)
     Importance: Undecided
         Status: In Progress

** Also affects: python-httplib2 (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: python-httplib2 (Ubuntu)
       Status: New => Fix Released

** Changed in: python-httplib2 (Ubuntu Bionic)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815481

Title:
  python-httplib2 needs to support SNI for OpenSSL 1.1.1 Edit

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-httplib2/+bug/1815481/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to