Message 255265 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Alexander Todorov
Recipients	Alexander Todorov
Date	2015-11-24.13:37:37
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1448372258.01.0.348498754399.issue25722@psf.upfronthosting.co.za>
In-reply-to

Content
The latest ssl.py file tries to validate hostnames vs certificates but includes a faulty regexp which causes any wildcard domains (e.g. .s3.amazonaws.com) to fail validation. Steps to Reproduce: >>> import ssl >>> ssl._dnsname_match(".s3.amazonaws.com", "planet.sofiavalley.com.s3.amazonaws.com") >>> From Python's documentation: [] Used to indicate a set of characters. In a set: ... Special characters lose their special meaning inside sets. For example, [(+)] will match any of the literal characters '(', '+', '', or ')'. ^^^^^^^^^ this is the cause of the error I've found this after an upgrade to RHEL 7.2 which contains the faulty code broke s3cmd for me. The result - one of my sites was outdated for a couple of days. For more info and proposed patch see: https://bugzilla.redhat.com/show_bug.cgi?id=1284916 https://bugzilla.redhat.com/show_bug.cgi?id=1284930 Note: As far as I can tell this affects upstream Python 2.7.10 and 3.5.0, however in the packages Red Hat distributes the code is different between 2 and 3 while upstream is more consistent.

The latest ssl.py file tries to validate hostnames vs certificates but includes a faulty regexp which causes any wildcard domains (e.g. *.s3.amazonaws.com) to fail validation. 

Steps to Reproduce:
>>> import ssl
>>> ssl._dnsname_match("*.s3.amazonaws.com", "planet.sofiavalley.com.s3.amazonaws.com")
>>> 

From Python's documentation:

[]

    Used to indicate a set of characters. In a set:

...
        Special characters lose their special meaning inside sets. For example, [(+*)] will match any of the literal characters '(', '+', '*', or ')'.


^^^^^^^^^ this is the cause of the error

I've found this after an upgrade to RHEL 7.2 which contains the faulty code broke s3cmd for me. The result - one of my sites was outdated for a couple of days.

For more info and proposed patch see:
https://bugzilla.redhat.com/show_bug.cgi?id=1284916
https://bugzilla.redhat.com/show_bug.cgi?id=1284930

Note: As far as I can tell this affects upstream Python 2.7.10 and 3.5.0, however in the packages Red Hat distributes the code is different between 2 and 3 while upstream is more consistent.

History
Date	User	Action	Args
2015-11-24 13:37:38	Alexander Todorov	set	recipients: + Alexander Todorov
2015-11-24 13:37:38	Alexander Todorov	set	messageid: <1448372258.01.0.348498754399.issue25722@psf.upfronthosting.co.za>
2015-11-24 13:37:37	Alexander Todorov	link	issue25722 messages
2015-11-24 13:37:37	Alexander Todorov	create