[Buildroot] [PATCH] python-backports-ssl-match-hostname: new package

Yegor Yefremov yegorslists at googlemail.com
Thu Apr 21 09:19:08 UTC 2016


Hi Charles,

On Wed, Apr 20, 2016 at 11:38 PM, Charles Hardin <ckhardin at exablox.com> wrote:
> Btw - it is circus that uses tornado

Could you send a patch adding circus to Buildroot? See [1] for
instructions on submitting patches.

circus runs a daemon, but also provides an API, so I would add this as
an ordinary Python package.

[1] http://nightly.buildroot.org/manual.html#submitting-patches

Yegor

> Sent from my iPad
>
>> On Apr 20, 2016, at 1:27 PM, Yegor Yefremov <yegorslists at googlemail.com> wrote:
>>
>> Hi Charles,
>>
>>> On Wed, Apr 20, 2016 at 6:44 PM, Charles Hardin <ckhardin at exablox.com> wrote:
>>> Yes - I think I just selected it out of laziness because we don’t run
>>> different
>>> python versions and only use python 2.7
>>
>> Could you perform the following test?
>>
>> 1. disable backports.ssl_match_hostname
>> 2. enable SSL support in Python, python-tornado and python-certifi
>> 3. make clean && make
>>
>> Is your application functioning without backports.ssl_match_hostname?
>>
>> Thanks.
>>
>> Yegor
>>
>>> On Apr 20, 2016, at 2:58 AM, Yegor Yefremov <yegorslists at googlemail.com>
>>> wrote:
>>>
>>> On Wed, Apr 20, 2016 at 11:28 AM, Thomas Petazzoni
>>> <thomas.petazzoni at free-electrons.com> wrote:
>>>
>>> Hello,
>>>
>>> On Wed, 20 Apr 2016 11:22:54 +0200, yegorslists at googlemail.com wrote:
>>>
>>> From: Yegor Yefremov <yegorslists at googlemail.com>
>>>
>>> Fixes #8856
>>>
>>>
>>> Are you sure this is sufficient to fix the bug? Doesn't python-tornado
>>> also need to select this new package when Python 2 is used?
>>>
>>>
>>> Both Python 2 and 3 implement ssl.match_hostname(cert, hostname) [1]
>>>
>>> backports.ssl_match_hostname 3.5.0.1 introduces some enhancements made
>>> in 3.5. See its history:
>>>
>>> History
>>> -------
>>>
>>> * This function was introduced in python-3.2
>>> * It was updated for python-3.4a1 for a CVE
>>> (backports-ssl_match_hostname-3.4.0.1)
>>> * It was updated from RFC 2818 to RFC 6125 compliance in order to fix another
>>> security flaw for python-3.3.3 and python-3.4a5
>>> (backports-ssl_match_hostname-3.4.0.2)
>>> * It was updated in python-3.5 to handle IPAddresses in ServerAltName fields
>>> (something that backports.ssl_match_hostname will do if you also install the
>>> ipaddress library from pypi).
>>>
>>> Tornado has the following logic to decide when to import
>>> backports.ssl_match_hostname:
>>>
>>> if hasattr(ssl, 'match_hostname') and hasattr(ssl, 'CertificateError'):  # python 3.2+
>>>   ssl_match_hostname = ssl.match_hostname
>>>   SSLCertificateError = ssl.CertificateError
>>> elif ssl is None:
>>>   ssl_match_hostname = SSLCertificateError = None
>>> else:
>>>   import backports.ssl_match_hostname
>>>   ssl_match_hostname = backports.ssl_match_hostname.match_hostname
>>>   SSLCertificateError = backports.ssl_match_hostname.CertificateError
>>>
>>> So if the user wants to use ssl.match_hostname, he must select
>>> Python's SSL support.
>>>
>>> It turns out that this package can be used only if the user imports it
>>> directly.
>>>
>>> [1] https://docs.python.org/2.7/library/ssl.html
>>>
>>>
>>> --
>>> Bits go in, bytes go out.
>>>
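The history quoted above mentions the move to RFC 6125 matching and the handling of IP addresses in alternative-name fields. The sketch below is an added example, not code from this thread, from Python, from backports.ssl_match_hostname or from Tornado; it shows what such a check has to decide. It assumes the certificate dict layout returned by `ssl.getpeercert()`; the names `verify_hostname` and `_dns_match` and the sample certificates are constructed for illustration, and refusing partial wildcards is a simplification chosen here.

```python
import ipaddress

# Constructed sample certificates in the dict layout of ssl.getpeercert().
CERT_SAN = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("IP Address", "192.0.2.10")),
}
CERT_CN_ONLY = {"subject": ((("commonName", "www.example.org"),),)}
CERT_PARTIAL = {"subjectAltName": (("DNS", "w*.example.com"),)}


def _dns_match(pattern, hostname):
    """Match one DNS identifier: "*" counts only as the whole left-most
    label and stands for exactly one label (partial wildcards are refused)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "*" in "".join(p[1:]):
        return False
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return "*" not in p[0] and p == h


def verify_hostname(cert, hostname):
    """Return True if hostname (DNS name or IP literal) is covered by cert."""
    san = cert.get("subjectAltName", ())
    try:
        host_ip = ipaddress.ip_address(hostname)
    except ValueError:
        host_ip = None
    if host_ip is not None:
        # IP literals are compared as addresses, never as wildcard patterns.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == host_ip
                   for kind, value in san)
    dns_names = [value for kind, value in san if kind == "DNS"]
    if dns_names:
        # A dNSName entry is present, so commonName must not be consulted.
        return any(_dns_match(name, hostname) for name in dns_names)
    # Legacy fallback: commonName is used only when no dNSName entry exists.
    return any(key == "commonName" and _dns_match(value, hostname)
               for rdn in cert.get("subject", ()) for key, value in rdn)
```
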


