[New-bugs-announce] [issue22861] [2.7] ssl._dnsname_match() and unicode

STINNER Victor report at bugs.python.org
Thu Nov 13 13:52:29 CET 2014 

New submission from STINNER Victor:

Hi,

I just modified the Trollius project ( http://trollius.readthedocs.org/ ) to support Python 2.7 with the newly backported ssl module. I ran the test suite of the Trollius and some tests are failing because of the exact exception message.

It looks like ssl._dnsname_match() calls repr() on a Unicode string:

    elif len(dnsnames) == 1:
        raise CertificateError("hostname %r "
            "doesn't match %r"
            % (hostname, dnsnames[0]))

Well, I don't know if using repr() on an unicode string is really a bug or not.

By the way, Trollius currently pass the hostname as a bytes string, whereas match_hostname() uses Unicode. No error is raised. Is it safe to compare bytes and Unicode to validate a certificate?

dnsname[0] comes from the commonName of the certificate subject.

The certificate used in Trollius test can be found at:
https://bitbucket.org/enovance/trollius/src/d456dd5103b0e2a35ef27fe0d55583b74a8196dd/tests/keycert3.pem?at=trollius

Example of error:

======================================================================
FAIL: test_create_server_ssl_match_failed (test_events.EPollEventLoopTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "tests/test_events.py", line 951, in test_create_server_ssl_match_failed
    self.loop.run_until_complete(f_c)
  File "/home/haypo/prog/HG/trollius/trollius/test_utils.py", line 137, in __exit__
    expected_regex.pattern, str(exc_value)))
  File "/home/haypo/prog/HG/trollius/trollius/test_utils.py", line 75, in _raiseFailure
    raise self.test_case.failureException(msg)
AssertionError: "hostname '127.0.0.1' doesn't match 'localhost'" does not match "hostname '127.0.0.1' doesn't match u'localhost'"

----------
messages: 231108
nosy: alex, haypo
priority: normal
severity: normal
status: open
title: [2.7] ssl._dnsname_match() and unicode
versions: Python 2.7

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22861>
_______________________________________

More information about the New-bugs-announce mailing list