author | chetan <44532446+chetanugale@users.noreply.github.com> | 2021-10-09 00:06:12 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-08 13:36:12 -0500 |
commit | bb3c2942702b84a9a86057044e61d7b885028471 (patch) | |
tree | a1a1a64a3a0c9f98e16f180d8bd18d0f0a9c9915 | |
parent | 056c4986b79fc772778ae2c44e283e73895e7c6c (diff) | |
download | urllib3-bb3c2942702b84a9a86057044e61d7b885028471.tar.gz |
[1.26] Vendor ssl.match_hostname to avoid Python 3.10 deprecation warning
-rwxr-xr-x | setup.py | 1 | ||||
-rw-r--r-- | src/urllib3/connection.py | 2 | ||||
-rw-r--r-- | src/urllib3/connectionpool.py | 2 | ||||
-rw-r--r-- | src/urllib3/packages/__init__.py | 5 | ||||
-rw-r--r-- | src/urllib3/packages/ssl_match_hostname/__init__.py | 24 | ||||
-rw-r--r-- | src/urllib3/util/ssl_match_hostname.py (renamed from src/urllib3/packages/ssl_match_hostname/_implementation.py) | 5 | ||||
-rw-r--r-- | test/test_connection.py | 45 | ||||
-rw-r--r-- | test/test_connectionpool.py | 2 |
8 files changed, 51 insertions, 35 deletions
@@ -75,7 +75,6 @@ setup(
 packages=[
 "urllib3",
 "urllib3.packages",
- "urllib3.packages.ssl_match_hostname",
 "urllib3.packages.backports",
 "urllib3.contrib",
 "urllib3.contrib._securetransport",
diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py
index 78a96e9e..23383d12 100644
--- a/src/urllib3/connection.py
+++ b/src/urllib3/connection.py
@@ -52,7 +52,6 @@ from .exceptions import (
 SubjectAltNameWarning,
 SystemTimeWarning,
 )
-from .packages.ssl_match_hostname import CertificateError, match_hostname
 from .util import SKIP_HEADER, SKIPPABLE_HEADERS, connection
 from .util.ssl_ import (
 assert_fingerprint,
@@ -62,6 +61,7 @@ from .util.ssl_ import (
 resolve_ssl_version,
 ssl_wrap_socket,
 )
+from .util.ssl_match_hostname import CertificateError, match_hostname
 log = logging.getLogger(__name__)
diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py
index 40f8e204..27a00604 100644
--- a/src/urllib3/connectionpool.py
+++ b/src/urllib3/connectionpool.py
@@ -36,7 +36,6 @@ from .exceptions import (
 )
 from .packages import six
 from .packages.six.moves import queue
-from .packages.ssl_match_hostname import CertificateError
 from .request import RequestMethods
 from .response import HTTPResponse
 from .util.connection import is_connection_dropped
@@ -45,6 +44,7 @@ from .util.queue import LifoQueue
 from .util.request import set_file_position
 from .util.response import assert_header_parsing
 from .util.retry import Retry
+from .util.ssl_match_hostname import CertificateError
 from .util.timeout import Timeout
 from .util.url import Url, _encode_target
 from .util.url import _normalize_host as normalize_host
diff --git a/src/urllib3/packages/__init__.py b/src/urllib3/packages/__init__.py
index fce4caa6..e69de29b 100644
--- a/src/urllib3/packages/__init__.py
+++ b/src/urllib3/packages/__init__.py
@@ -1,5 +0,0 @@
-from __future__ import absolute_import
-
-from . import ssl_match_hostname
-
-__all__ = ("ssl_match_hostname",)
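Review bot: Nothing in the commit records which upstream revision the vendored matcher tracks, and with `from .util.ssl_match_hostname import CertificateError, match_hostname` in `src/urllib3/connection.py` it appears to become the hostname check on every Python version; the deleted `packages/ssl_match_hostname/__init__.py` imported `match_hostname` from the standard `ssl` module on Python 3.5 to 3.9. Later fixes to the stdlib matcher will therefore not reach urllib3 unless they are ported by hand. A header comment in `util/ssl_match_hostname.py` along the lines of `# Vendored copy of ssl.match_hostname (upstream revision: <fill in>); port upstream hostname-matching fixes here.` would make that maintenance duty visible. The old import path `urllib3.packages.ssl_match_hostname` is also removed without a compatibility shim, which presumably breaks downstream code that imports it directly; the `connectionpool.py` import hunks are affected the same way.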
diff --git a/src/urllib3/packages/ssl_match_hostname/__init__.py b/src/urllib3/packages/ssl_match_hostname/__init__.py
deleted file mode 100644
index ef3fde52..00000000
--- a/src/urllib3/packages/ssl_match_hostname/__init__.py
+++ /dev/null
@@ -1,24 +0,0 @@
-import sys
-
-try:
- # Our match_hostname function is the same as 3.10's, so we only want to
- # import the match_hostname function if it's at least that good.
- # We also fallback on Python 3.10+ because our code doesn't emit
- # deprecation warnings and is the same as Python 3.10 otherwise.
- if sys.version_info < (3, 5) or sys.version_info >= (3, 10):
- raise ImportError("Fallback to vendored code")
-
- from ssl import CertificateError, match_hostname
-except ImportError:
- try:
- # Backport of the function from a pypi module
- from backports.ssl_match_hostname import ( # type: ignore
- CertificateError,
- match_hostname,
- )
- except ImportError:
- # Our vendored copy
- from ._implementation import CertificateError, match_hostname # type: ignore
-
-# Not needed, but documenting what we provide.
-__all__ = ("CertificateError", "match_hostname")
diff --git a/src/urllib3/packages/ssl_match_hostname/_implementation.py b/src/urllib3/util/ssl_match_hostname.py
index 689208d3..a4b4a569 100644
--- a/src/urllib3/packages/ssl_match_hostname/_implementation.py
+++ b/src/urllib3/util/ssl_match_hostname.py
@@ -9,7 +9,7 @@ import sys
 # ipaddress has been backported to 2.6+ in pypi. If it is installed on the
 # system, use it to handle IPAddress ServerAltnames (this was added in
 # python-3.5) otherwise only do DNS matching. This allows
-# backports.ssl_match_hostname to continue to be used in Python 2.7.
+# util.ssl_match_hostname to continue to be used in Python 2.7.
 try:
 import ipaddress
 except ImportError:
@@ -78,7 +78,8 @@ def _dnsname_match(dn, hostname, max_wildcards=1):
 def _to_unicode(obj):
 if isinstance(obj, str) and sys.version_info < (3,):
- obj = unicode(obj, encoding="ascii", errors="strict")
+ # ignored flake8 # F821 to support python 2.7 function
+ obj = unicode(obj, encoding="ascii", errors="strict") # noqa: F821
 return obj
diff --git a/test/test_connection.py b/test/test_connection.py
index afcd9bd1..7ac0ecc2 100644
--- a/test/test_connection.py
+++ b/test/test_connection.py
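Review bot: The added comment `# ignored flake8 # F821 to support python 2.7 function` in `_to_unicode` (src/urllib3/util/ssl_match_hostname.py) is hard to parse and does not say why the name is undefined. Something like `# unicode() exists only on Python 2; the version check above keeps Python 3 off this line.` would explain the `# noqa: F821` to the next reader.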
@@ -79,6 +79,51 @@ class TestConnection(object):
 # Assert no error is raised
 _match_hostname(cert, asserted_hostname)
+ def test_match_hostname_ip_address(self):
+ cert = {"subjectAltName": [("IP Address", "1.1.1.1")]}
+ asserted_hostname = "1.1.1.2"
+ try:
+ with mock.patch("urllib3.connection.log.warning") as mock_log:
+ _match_hostname(cert, asserted_hostname)
+ except CertificateError as e:
+ assert "hostname '1.1.1.2' doesn't match '1.1.1.1'" in str(e)
+ mock_log.assert_called_once_with(
+ "Certificate did not match expected hostname: %s. Certificate: %s",
+ "1.1.1.2",
+ {"subjectAltName": [("IP Address", "1.1.1.1")]},
+ )
+ assert e._peer_cert == cert
+
+ def test_match_hostname_no_dns(self):
+ cert = {"subjectAltName": [("DNS", "")]}
+ asserted_hostname = "bar"
+ try:
+ with mock.patch("urllib3.connection.log.warning") as mock_log:
+ _match_hostname(cert, asserted_hostname)
+ except CertificateError as e:
+ assert "hostname 'bar' doesn't match ''" in str(e)
+ mock_log.assert_called_once_with(
+ "Certificate did not match expected hostname: %s. Certificate: %s",
+ "bar",
+ {"subjectAltName": [("DNS", "")]},
+ )
+ assert e._peer_cert == cert
+
+ def test_match_hostname_startwith_wildcard(self):
+ cert = {"subjectAltName": [("DNS", "*")]}
+ asserted_hostname = "foo"
+ _match_hostname(cert, asserted_hostname)
+
+ def test_match_hostname_dnsname(self):
+ cert = {"subjectAltName": [("DNS", "xn--p1b6ci4b4b3a*.xn--11b5bs8d")]}
+ asserted_hostname = "xn--p1b6ci4b4b3a*.xn--11b5bs8d"
+ _match_hostname(cert, asserted_hostname)
+
+ def test_match_hostname_include_wildcard(self):
+ cert = {"subjectAltName": [("DNS", "foo*")]}
+ asserted_hostname = "foobar"
+ _match_hostname(cert, asserted_hostname)
+
 def test_recent_date(self):
 # This test is to make sure that the RECENT_DATE value
 # doesn't get too far behind what the current date is.
diff --git a/test/test_connectionpool.py b/test/test_connectionpool.py
index eec6bd27..5b5cd4a3 100644
--- a/test/test_connectionpool.py
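Review bot: `test_match_hostname_ip_address` and `test_match_hostname_no_dns` (test/test_connection.py) pass without checking anything if `_match_hostname` returns normally, because the assertions on `e` exist only in the `except CertificateError` branch (indentation is flattened on this page, so the exact nesting of the `mock_log` check is inferred). A regression that accepted a mismatched certificate is exactly what these tests should catch, so the raise itself has to be asserted; wrapping the call in `pytest.raises(CertificateError)` does that, assuming `pytest` is already imported in the module, which the hunk does not show. The sketch below covers the first test, and `test_match_hostname_no_dns` needs the same shape. The three positive tests could each carry a one-line comment naming the matching rule they pin, since accepting a bare `*` or a partial-label `foo*` is a deliberate choice worth documenting.

```python
    def test_match_hostname_ip_address(self):
        # … unchanged: cert and asserted_hostname setup …
        with mock.patch("urllib3.connection.log.warning") as mock_log:
            with pytest.raises(CertificateError) as excinfo:
                _match_hostname(cert, asserted_hostname)
        assert "hostname '1.1.1.2' doesn't match '1.1.1.1'" in str(excinfo.value)
        # … unchanged: mock_log.assert_called_once_with(...) arguments …
        assert excinfo.value._peer_cert == cert
```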
+++ b/test/test_connectionpool.py
@@ -29,8 +29,8 @@ from urllib3.exceptions import (
 from urllib3.packages.six.moves import http_client as httplib
 from urllib3.packages.six.moves.http_client import HTTPException
 from urllib3.packages.six.moves.queue import Empty
-from urllib3.packages.ssl_match_hostname import CertificateError
 from urllib3.response import HTTPResponse
+from urllib3.util.ssl_match_hostname import CertificateError
 from urllib3.util.timeout import Timeout
 from .test_response import MockChunkedEncodingResponse, MockSock |