Merge lp:~gz/brz/cert_reqs_none into lp:brz

Proposed by Martin Packman
Status: Merged
Approved by: Martin Packman
Approved revision: 7332
Merge reported by: The Breezy Bot
Merged at revision: not available
Proposed branch: lp:~gz/brz/cert_reqs_none
Merge into: lp:brz
Diff against target: 12 lines (+1/-1)
1 file modified
breezy/transport/http/__init__.py (+1/-1)
To merge this branch: bzr merge lp:~gz/brz/cert_reqs_none
Reviewer Review Type Date Requested Status
Jelmer Vernooij Approve
Review via email: mp+368867@code.launchpad.net

Commit message

Only check https hostname if none cert_reqs=none

Description of the change

Only check https hostname if cert_reqs=required

Avoids error raised from standard lib ssl module:
ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is enabled.

Also set check_hostname on the context rather than the module.

To post a comment you must log in.
Revision history for this message
Jelmer Vernooij (jelmer) wrote :

One comment, as discussed in person

review: Approve
lp:~gz/brz/cert_reqs_none updated
7332. By Martin Packman

Only check https hostname if not cert_reqs=none

Avoids error raised from standard lib ssl module:
ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is enabled.

Also set check_hostname on the context rather than the module.

Revision history for this message
Martin Packman (gz) wrote :

Flipped the check though much of a muchness for now.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'breezy/transport/http/__init__.py'
2--- breezy/transport/http/__init__.py 2019-06-15 11:55:54 +0000
3+++ breezy/transport/http/__init__.py 2019-06-15 18:02:27 +0000
4@@ -486,7 +486,7 @@
5 try:
6 ssl_context = ssl.create_default_context(
7 purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_certs)
8- ssl.check_hostname = True
9+ ssl_context.check_hostname = cert_reqs != ssl.CERT_NONE
10 if self.cert_file:
11 ssl_context.load_cert_chain(
12 keyfile=self.key_file, certfile=self.cert_file)

Subscribers

People subscribed via source and target branches