Posted to commits@thrift.apache.org by ns...@apache.org on 2017/02/12 12:17:05 UTC

thrift git commit: THRIFT-4026 TSSLSocket doesn't work with Python < 2.7.9

Repository: thrift
Updated Branches:
  refs/heads/master 4626fd889 -> e8ba7877b


THRIFT-4026 TSSLSocket doesn't work with Python < 2.7.9

This closes #1166


Project: http://git-wip-us.apache.org/repos/asf/thrift/repo
Commit: http://git-wip-us.apache.org/repos/asf/thrift/commit/e8ba7877
Tree: http://git-wip-us.apache.org/repos/asf/thrift/tree/e8ba7877
Diff: http://git-wip-us.apache.org/repos/asf/thrift/diff/e8ba7877

Branch: refs/heads/master
Commit: e8ba7877baec6f9871a88db8d3885361a2260ab2
Parents: 4626fd8
Author: Nobuaki Sukegawa <ns...@apache.org>
Authored: Sun Feb 12 21:14:48 2017 +0900
Committer: Nobuaki Sukegawa <ns...@apache.org>
Committed: Sun Feb 12 21:14:48 2017 +0900

----------------------------------------------------------------------
 build/docker/centos6/Dockerfile   | 4 +++-
 lib/py/src/transport/sslcompat.py | 6 +++---
 lib/py/test/test_sslsocket.py     | 5 ++++-
 3 files changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/thrift/blob/e8ba7877/build/docker/centos6/Dockerfile
----------------------------------------------------------------------
diff --git a/build/docker/centos6/Dockerfile b/build/docker/centos6/Dockerfile
index aa19731..5567ab7 100644
--- a/build/docker/centos6/Dockerfile
+++ b/build/docker/centos6/Dockerfile
@@ -41,7 +41,9 @@ RUN yum install -y epel-release && \
     && yum clean all
 
 # optional dependencies
-RUN pip install ipaddress backports.ssl_match_hostname tornado
+# skipping ipaddress and backports.ssl_match_hostname to test legacy callback
+# RUN pip install ipaddress backports.ssl_match_hostname tornado
+RUN pip install tornado
 
 # CMake
 RUN curl -sSL https://cmake.org/files/v3.4/cmake-3.4.1.tar.gz | tar -xz && \
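Review bot: The commented-out `# RUN pip install ipaddress backports.ssl_match_hostname tornado` line is dead code, and a later editor could re-enable it without realising that this image is the one exercising the legacy certificate callback. I would delete it and let the comment carry the intent, for example `# ipaddress and backports.ssl_match_hostname are deliberately not installed: this image tests legacy_validate_callback`. It is not visible from this hunk whether another CI image still installs the two packages; if none does, the non-legacy hostname-matching path loses coverage on old interpreters.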

http://git-wip-us.apache.org/repos/asf/thrift/blob/e8ba7877/lib/py/src/transport/sslcompat.py
----------------------------------------------------------------------
diff --git a/lib/py/src/transport/sslcompat.py b/lib/py/src/transport/sslcompat.py
index 7bf5e06..8ad4ce4 100644
--- a/lib/py/src/transport/sslcompat.py
+++ b/lib/py/src/transport/sslcompat.py
@@ -25,7 +25,7 @@ from thrift.transport.TTransport import TTransportException
 logger = logging.getLogger(__name__)
 
 
-def legacy_validate_callback(self, cert, hostname):
+def legacy_validate_callback(cert, hostname):
     """legacy method to validate the peer's SSL certificate, and to check
     the commonName of the certificate to ensure it matches the hostname we
     used to make this connection.  Does not support subjectAltName records
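Review bot: With `self` removed, the docstring of `legacy_validate_callback(cert, hostname)` is the only statement of the contract, and the visible part does not say what the two arguments are or what is raised. From the body, `cert` appears to be the dict form of the peer certificate and `hostname` the name the caller connected to, so a line such as `cert: peer certificate dict; hostname: name used for the connection; raises TTransportException if the commonName does not match` would help. The docstring continues outside this hunk, so part of this may already be there.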
@@ -36,7 +36,7 @@ def legacy_validate_callback(self, cert, hostname):
     if 'subject' not in cert:
         raise TTransportException(
             TTransportException.NOT_OPEN,
-            'No SSL certificate found from %s:%s' % (self.host, self.port))
+            'No SSL certificate found from %s' % hostname)
     fields = cert['subject']
     for field in fields:
         # ensure structure we get back is what we expect
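Review bot: `if 'subject' not in cert` raises TypeError instead of the intended TTransportException when `cert` is None, which is what `getpeercert()` returns if the peer presented no certificate; whether the caller can pass that value through is not visible here. The connection still fails, but code that catches TTransportException will not see it, and `if not cert or 'subject' not in cert:` handles both cases. The new message also drops the port the old one reported, which makes the error harder to attribute when several services share a host. The function body starts and ends outside this hunk.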
@@ -57,7 +57,7 @@ def legacy_validate_callback(self, cert, hostname):
             raise TTransportException(
                 TTransportException.UNKNOWN,
                 'Hostname we connected to "%s" doesn\'t match certificate '
-                'provided commonName "%s"' % (self.host, certhost))
+                'provided commonName "%s"' % (hostname, certhost))
     raise TTransportException(
         TTransportException.UNKNOWN,
         'Could not validate SSL certificate from host "%s".  Cert=%s'

http://git-wip-us.apache.org/repos/asf/thrift/blob/e8ba7877/lib/py/test/test_sslsocket.py
----------------------------------------------------------------------
diff --git a/lib/py/test/test_sslsocket.py b/lib/py/test/test_sslsocket.py
index 3e4b266..8951618 100644
--- a/lib/py/test/test_sslsocket.py
+++ b/lib/py/test/test_sslsocket.py
@@ -237,6 +237,9 @@ class TSSLSocketTest(unittest.TestCase):
         self._assert_connection_success(server, cert_reqs=ssl.CERT_REQUIRED, ca_certs=SERVER_CERT)
 
     def test_client_cert(self):
+        if not _match_has_ipaddress:
+            print('skipping test_client_cert')
+            return
         server = self._server_socket(
             cert_reqs=ssl.CERT_REQUIRED, keyfile=SERVER_KEY,
             certfile=SERVER_CERT, ca_certs=CLIENT_CERT)
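Review bot: The early `print('skipping test_client_cert')` followed by `return` makes `test_client_cert` report as passed when it did not run, so client-certificate verification on the legacy callback path is untested without the result saying so. If the oldest supported interpreter has `unittest.TestCase.skipTest` (Python 2.7 and later), `self.skipTest('client cert check needs ssl.match_hostname with ipaddress support')` records it as skipped; otherwise the printed message should at least state the reason. The reason given in my example is inferred from the flag name `_match_has_ipaddress` and should be confirmed.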
@@ -333,7 +336,7 @@ class TSSLSocketTest(unittest.TestCase):
 
 if __name__ == '__main__':
     logging.basicConfig(level=logging.WARN)
-    from thrift.transport.TSSLSocket import TSSLSocket, TSSLServerSocket
+    from thrift.transport.TSSLSocket import TSSLSocket, TSSLServerSocket, _match_has_ipaddress
     from thrift.transport.TTransport import TTransportException
 
     unittest.main()
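Review bot: `_match_has_ipaddress` is bound only inside the `if __name__ == '__main__':` block, so `test_client_cert` raises NameError when the module is imported by a test runner instead of being executed as a script. The neighbouring imports follow the same pattern, so this may be how the file is always run, but the new name is now read at the very top of a test method. It is also a private name of `TSSLSocket`; a short comment at the import noting that the test depends on it would make a later rename less likely to break the skip silently.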