base/SOURCES/m2crypto-0.21.1-SAN-ip.patch

diff -ur M2Crypto/M2Crypto/SSL/Checker.py M2Crypto-0.21.1/M2Crypto/SSL/Checker.py
--- M2Crypto/M2Crypto/SSL/Checker.py	2011-01-15 20:10:05.000000000 +0100
+++ M2Crypto-0.21.1/M2Crypto/SSL/Checker.py	2015-07-07 16:41:53.887094222 +0200
@@ -11,6 +11,7 @@
            'WrongHost', 'Checker']
 
 from M2Crypto import util, EVP, m2
+import socket
 import re
 
 class SSLVerificationError(Exception):
@@ -161,6 +162,10 @@
                 self.useSubjectAltNameOnly = True
                 if self._match(host, certHost[4:]):
                     return True
+            elif certHost[:11] == 'ip address:':
+                self.useSubjectAltNameOnly = True
+                if self._matchIPAddress(host, certHost[11:]):
+                    return True
         return False
         
 
@@ -218,6 +223,34 @@
 
         return False
 
+    def _matchIPAddress(self, host, certHost):
+        """
+        >>> check = Checker()
+        >>> check._matchIPAddress(host='my.example.com', certHost='my.example.com')
+        False
+        >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.4')
+        True
+        >>> check._matchIPAddress(host='1.2.3.4', certHost='*.2.3.4')
+        False
+        >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.40')
+        False
+        >>> check._matchIPAddress(host='::1', certHost='::1')
+        True
+        >>> check._matchIPAddress(host='::1', certHost='0:0:0:0:0:0:0:1')
+        True
+        >>> check._matchIPAddress(host='::1', certHost='::2')
+        False
+        """
+        try:
+            canonical = socket.getaddrinfo(host, 0, 0, socket.SOCK_STREAM, 0,
+                                           socket.AI_NUMERICHOST)
+            certCanonical = socket.getaddrinfo(certHost, 0, 0,
+                                               socket.SOCK_STREAM, 0,
+                                               socket.AI_NUMERICHOST)
+        except:
+            return False
+        return canonical == certCanonical
+
 
 if __name__ == '__main__':
     import doctest
m2crypto package creation Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org> 6 years ago			`diff -ur M2Crypto/M2Crypto/SSL/Checker.py M2Crypto-0.21.1/M2Crypto/SSL/Checker.py`
			`--- M2Crypto/M2Crypto/SSL/Checker.py 2011-01-15 20:10:05.000000000 +0100`
			`+++ M2Crypto-0.21.1/M2Crypto/SSL/Checker.py 2015-07-07 16:41:53.887094222 +0200`
			`@@ -11,6 +11,7 @@`
			`'WrongHost', 'Checker']`

			`from M2Crypto import util, EVP, m2`
			`+import socket`
			`import re`

			`class SSLVerificationError(Exception):`
			`@@ -161,6 +162,10 @@`
			`self.useSubjectAltNameOnly = True`
			`if self._match(host, certHost[4:]):`
			`return True`
			`+ elif certHost[:11] == 'ip address:':`
			`+ self.useSubjectAltNameOnly = True`
			`+ if self._matchIPAddress(host, certHost[11:]):`
			`+ return True`
			`return False`


			`@@ -218,6 +223,34 @@`

			`return False`

			`+ def _matchIPAddress(self, host, certHost):`
			`+ """`
			`+ >>> check = Checker()`
			`+ >>> check._matchIPAddress(host='my.example.com', certHost='my.example.com')`
			`+ False`
			`+ >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.4')`
			`+ True`
			`+ >>> check._matchIPAddress(host='1.2.3.4', certHost='*.2.3.4')`
			`+ False`
			`+ >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.40')`
			`+ False`
			`+ >>> check._matchIPAddress(host='::1', certHost='::1')`
			`+ True`
			`+ >>> check._matchIPAddress(host='::1', certHost='0:0:0:0:0:0:0:1')`
			`+ True`
			`+ >>> check._matchIPAddress(host='::1', certHost='::2')`
			`+ False`
			`+ """`
			`+ try:`
			`+ canonical = socket.getaddrinfo(host, 0, 0, socket.SOCK_STREAM, 0,`
			`+ socket.AI_NUMERICHOST)`
			`+ certCanonical = socket.getaddrinfo(certHost, 0, 0,`
			`+ socket.SOCK_STREAM, 0,`
			`+ socket.AI_NUMERICHOST)`
			`+ except:`
			`+ return False`
			`+ return canonical == certCanonical`
			`+`

			`if __name__ == '__main__':`
			`import doctest`