Comment 8 for bug 729185

Martin Pitt (pitti) wrote : Re: [Bug 729185] Re: fingerprint SSL check does not work behind a proxy

Hello Olaf,

Olaf Meeuwissen [2011-03-11 1:54 -0000]:
> Re #5, we've tested with the fixed code and getting the GPG fingerprint
> worked fine for us.

Nice!

> Not familiar with the python-pycurl code, I've one little question. The
> verified_https.py code seemed aimed at adding hostname validation,
> something HTTPSConnection didn't do. Assuming that was done on purpose,
> I guess the replacement code should do the same. Does pycurl do the
> validation?

Yes, it does by default:

  http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLVERIFYHOST

Both the old (verified_https.py) and the new (pycurl) implementation
are covered by various test cases, amongst them one for a nonmatching
host name:

  http://bazaar.launchpad.net/~jockey-hackers/jockey/trunk/view/head:/tests/detection.py#L896