Ubuntu Cloud Archive

Comment 1 for bug 1814911

Revision history for this message

Gábor Mészáros (gabor.meszaros) wrote on 2019-02-06:

works with python-urllib3 1.13.1-2ubuntu0.16.04.1~cloud0
but fails with 1.13.1-2ubuntu0.16.04.2~cloud0

Change introduced: https://bugs.launchpad.net/ubuntu/+source/python-urllib3/+bug/1771988

code segment that silently fails:
96 def match_hostname(cert, hostname):
97 """Verify that *cert* (in decoded format as returned by
98 SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
99 rules are followed, but IP addresses are not accepted for *hostname*.
100
101 CertificateError is raised on failure. On success, the function
102 returns nothing.
103 """
104 if not cert:
105 raise ValueError("empty or no certificate, match_hostname needs a "
106 "SSL socket or SSL context with either "
107 "CERT_OPTIONAL or CERT_REQUIRED")
108 try:
109 # Divergence from upstream: ipaddress can't handle byte str
110 host_ip = ipaddress.ip_address(_to_unicode(hostname))
111 except ValueError:
112 # Not an IP address (common case)
113 host_ip = None
114 except UnicodeError:
115 # Divergence from upstream: Have to deal with ipaddress not taking
116 # byte strings. addresses should be all ascii, so we consider it not
117 # an ipaddress in this case
118 host_ip = None
119 except AttributeError: <<<<<< throws AttributeError, because ipaddress is not available >>>>>>
120 # Divergence from upstream: Make ipaddress library optional
121 if ipaddress is None:
122 host_ip = None
123 else:
124 raise

from here:
9 # ipaddress has been backported to 2.6+ in pypi. If it is installed on the
10 # system, use it to handle IPAddress ServerAltnames (this was added in
11 # python-3.5) otherwise only do DNS matching. This allows
12 # backports.ssl_match_hostname to continue to be used all the way back to
13 # python-2.4.
14 try:
15 import ipaddress
16 except ImportError:
17 ipaddress = None
18

Simply installing python-ipaddress solves the issue

works with python-urllib3 1.13.1-2ubuntu0.16.04.1~cloud0
but fails with 1.13.1-2ubuntu0.16.04.2~cloud0

Change introduced: https://bugs.launchpad.net/ubuntu/+source/python-urllib3/+bug/1771988

code segment that silently fails:
 96 def match_hostname(cert, hostname):
 97     """Verify that *cert* (in decoded format as returned by
 98     SSLSocket.getpeercert()) matches the *hostname*.  RFC 2818 and RFC 6125
 99     rules are followed, but IP addresses are not accepted for *hostname*.
100 
101     CertificateError is raised on failure. On success, the function
102     returns nothing.
103     """
104     if not cert:
105         raise ValueError("empty or no certificate, match_hostname needs a "
106                          "SSL socket or SSL context with either "
107                          "CERT_OPTIONAL or CERT_REQUIRED")
108     try:
109         # Divergence from upstream: ipaddress can't handle byte str
110         host_ip = ipaddress.ip_address(_to_unicode(hostname))
111     except ValueError:
112         # Not an IP address (common case)
113         host_ip = None
114     except UnicodeError:
115         # Divergence from upstream: Have to deal with ipaddress not taking
116         # byte strings.  addresses should be all ascii, so we consider it not
117         # an ipaddress in this case
118         host_ip = None
119     except AttributeError: <<<<<< throws AttributeError, because ipaddress is not available >>>>>>
120         # Divergence from upstream: Make ipaddress library optional
121         if ipaddress is None:
122             host_ip = None
123         else:
124             raise

from here:
  9 # ipaddress has been backported to 2.6+ in pypi.  If it is installed on the
 10 # system, use it to handle IPAddress ServerAltnames (this was added in
 11 # python-3.5) otherwise only do DNS matching.  This allows
 12 # backports.ssl_match_hostname to continue to be used all the way back to
 13 # python-2.4.
 14 try:
 15     import ipaddress
 16 except ImportError:
 17     ipaddress = None
 18

Simply installing python-ipaddress solves the issue