rpms/m2crypto/devel m2crypto-0.19.1-no-dns-in-altname.patch, NONE, 1.1 m2crypto.spec, 1.52, 1.53
Miloslav Trmac
mitr at fedoraproject.org
Wed Jun 10 15:53:03 UTC 2009
Author: mitr
Update of /cvs/pkgs/rpms/m2crypto/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12636
Modified Files:
m2crypto.spec
Added Files:
m2crypto-0.19.1-no-dns-in-altname.patch
Log Message:
* Wed Jun 10 2009 Miloslav Trmač <mitr at redhat.com> - 0.19.1-8
- Don't reject certificates with subjectAltName that does not contain a dNSName
Resolves: #504060
m2crypto-0.19.1-no-dns-in-altname.patch:
--- NEW FILE m2crypto-0.19.1-no-dns-in-altname.patch ---
Index: M2Crypto/SSL/Checker.py
===================================================================
--- M2Crypto/SSL/Checker.py (revision 682)
+++ M2Crypto/SSL/Checker.py (working copy)
@@ -90,16 +90,17 @@
# subjectAltName=DNS:somehost[, ...]*
try:
subjectAltName = peerCert.get_ext('subjectAltName').get_value()
- if not self._splitSubjectAltName(self.host, subjectAltName):
+ if self._splitSubjectAltName(self.host, subjectAltName):
+ hostValidationPassed = True
+ elif self.useSubjectAltNameOnly:
raise WrongHost(expectedHost=self.host,
actualHost=subjectAltName,
fieldName='subjectAltName')
- hostValidationPassed = True
except LookupError:
pass
# commonName=somehost[, ...]*
- if not self.useSubjectAltNameOnly and not hostValidationPassed:
+ if not hostValidationPassed:
hasCommonName = False
commonNames = ''
for entry in peerCert.get_subject().get_entries_by_nid(m2.NID_commonName):
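Review bot: In the subjectAltName branch, with the new `elif self.useSubjectAltNameOnly:` every non-match from `_splitSubjectAltName` now falls through to the commonName check, not only the case named in the log message where the extension contains no dNSName. Nothing in these lines distinguishes "no DNS: entries" from "DNS: entries present but none matching self.host", so a certificate whose dNSName entries name other hosts is now checked against commonName instead of being rejected with WrongHost. RFC 2818 section 3.1 requires that a dNSName, when present, be used as the identity, and allows commonName only when there is none. Suggest having the helper report whether it saw any dNSName entry, raising WrongHost when it did and none matched, and keeping the commonName fallback for the no-dNSName case only.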
Index: m2crypto.spec
===================================================================
RCS file: /cvs/pkgs/rpms/m2crypto/devel/m2crypto.spec,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -p -r1.52 -r1.53
--- m2crypto.spec 3 Jun 2009 15:15:50 -0000 1.52
+++ m2crypto.spec 10 Jun 2009 15:52:33 -0000 1.53
@@ -6,7 +6,7 @@
Summary: Support for using OpenSSL in python scripts
Name: m2crypto
Version: 0.19.1
-Release: 7
+Release: 8
Source0: http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz
# https://bugzilla.osafoundation.org/show_bug.cgi?id=2341
Patch0: m2crypto-0.18-timeouts.patch
@@ -17,6 +17,8 @@ Patch2: m2crypto-0.19.1-close-HTTPRespon
# Half in upstream SVN
# Half is https://bugzilla.osafoundation.org/show_bug.cgi?id=12760
Patch3: m2crypto-0.19.1-ssl-selector.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=9605
+Patch4: m2crypto-0.19.1-no-dns-in-altname.patch
License: MIT
Group: System Environment/Libraries
URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto
@@ -34,6 +36,7 @@ This package allows you to call OpenSSL
%patch1 -p1 -b .gcc_macros
%patch2 -p1
%patch3 -p1
+%patch4 -p0
# Red Hat opensslconf.h #includes an architecture-specific file, but SWIG
# doesn't follow the #include.
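Review bot: `%patch4 -p0` is the only patch in this block applied without `-p1`, and nothing in the spec says why. It matches the unprefixed `M2Crypto/SSL/Checker.py` paths in the new patch file, so either add a one-line comment above it noting that the patch is in SVN format, or regenerate the patch with a leading directory so it applies with `-p1` like the others.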
@@ -96,6 +99,10 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/M2Crypto-*.egg-info
%changelog
+* Wed Jun 10 2009 Miloslav TrmaÄ <mitr at redhat.com> - 0.19.1-8
+- Don't reject certificates with subjectAltName that does not contain a dNSName
+ Resolves: #504060
+
* Wed Jun 3 2009 Miloslav TrmaÄ <mitr at redhat.com> - 0.19.1-7
- Only send the selector in SSL HTTP requests. Patch by James Bowes
<jbowes at redhat.com>.