classification
Title: [2.7] ssl._dnsname_match() and unicode
Type: Stage:
Components: Versions: Python 2.7
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: Nosy List: alex, vstinner
Priority: normal Keywords:

Created on 2014-11-13 12:52 by vstinner, last changed 2015-03-18 10:51 by vstinner. This issue is now closed.

Messages (3)
msg231108 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2014-11-13 12:52 
Hi,

I just modified the Trollius project ( http://trollius.readthedocs.org/ ) to support Python 2.7 with the newly backported ssl module. I ran the test suite of the Trollius and some tests are failing because of the exact exception message.

It looks like ssl._dnsname_match() calls repr() on a Unicode string:

    elif len(dnsnames) == 1:
        raise CertificateError("hostname %r "
            "doesn't match %r"
            % (hostname, dnsnames[0]))

Well, I don't know if using repr() on an unicode string is really a bug or not.

By the way, Trollius currently pass the hostname as a bytes string, whereas match_hostname() uses Unicode. No error is raised. Is it safe to compare bytes and Unicode to validate a certificate?

dnsname[0] comes from the commonName of the certificate subject.

The certificate used in Trollius test can be found at:
https://bitbucket.org/enovance/trollius/src/d456dd5103b0e2a35ef27fe0d55583b74a8196dd/tests/keycert3.pem?at=trollius

Example of error:

======================================================================
FAIL: test_create_server_ssl_match_failed (test_events.EPollEventLoopTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "tests/test_events.py", line 951, in test_create_server_ssl_match_failed
    self.loop.run_until_complete(f_c)
  File "/home/haypo/prog/HG/trollius/trollius/test_utils.py", line 137, in __exit__
    expected_regex.pattern, str(exc_value)))
  File "/home/haypo/prog/HG/trollius/trollius/test_utils.py", line 75, in _raiseFailure
    raise self.test_case.failureException(msg)
AssertionError: "hostname '127.0.0.1' doesn't match 'localhost'" does not match "hostname '127.0.0.1' doesn't match u'localhost'"
msg231109 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2014-11-13 13:05 
I worked around this issue by expecting a different error message on Python 2 and Python 3:
https://bitbucket.org/enovance/trollius/commits/be404685d3fd8ba008e1a577438dc6f23b01c63a?at=trollius

+        if compat.PY3:
+            err_msg = "hostname '127.0.0.1' doesn't match 'localhost'"
+        else:
+            # http://bugs.python.org/issue22861
+            err_msg = "hostname '127.0.0.1' doesn't match u'localhost'"
msg238405 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2015-03-18 10:51 
I'm not convinced myself that it's a real issue, and I worked around it in Trollius, so I close the issue.
History
Date User Action Args
2015-03-18 10:51:20vstinnersetstatus: open -> closed
resolution: out of date
messages: + msg238405
2014-11-13 13:05:29vstinnersetmessages: + msg231109
2014-11-13 12:52:29vstinnercreate