base/SOURCES/m2crypto-0.21.1-SAN-ip.patch

diff -ur M2Crypto/M2Crypto/SSL/Checker.py M2Crypto-0.21.1/M2Crypto/SSL/Checker.py
--- M2Crypto/M2Crypto/SSL/Checker.py	2011-01-15 20:10:05.000000000 +0100
+++ M2Crypto-0.21.1/M2Crypto/SSL/Checker.py	2015-07-07 16:41:53.887094222 +0200
@@ -11,6 +11,7 @@
            'WrongHost', 'Checker']
 
 from M2Crypto import util, EVP, m2
+import socket
 import re
 
 class SSLVerificationError(Exception):
@@ -161,6 +162,10 @@
                 self.useSubjectAltNameOnly = True
                 if self._match(host, certHost[4:]):
                     return True
+            elif certHost[:11] == 'ip address:':
+                self.useSubjectAltNameOnly = True
+                if self._matchIPAddress(host, certHost[11:]):
+                    return True
         return False
         
 
@@ -218,6 +223,34 @@
 
         return False
 
+    def _matchIPAddress(self, host, certHost):
+        """
+        >>> check = Checker()
+        >>> check._matchIPAddress(host='my.example.com', certHost='my.example.com')
+        False
+        >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.4')
+        True
+        >>> check._matchIPAddress(host='1.2.3.4', certHost='*.2.3.4')
+        False
+        >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.40')
+        False
+        >>> check._matchIPAddress(host='::1', certHost='::1')
+        True
+        >>> check._matchIPAddress(host='::1', certHost='0:0:0:0:0:0:0:1')
+        True
+        >>> check._matchIPAddress(host='::1', certHost='::2')
+        False
+        """
+        try:
+            canonical = socket.getaddrinfo(host, 0, 0, socket.SOCK_STREAM, 0,
+                                           socket.AI_NUMERICHOST)
+            certCanonical = socket.getaddrinfo(certHost, 0, 0,
+                                               socket.SOCK_STREAM, 0,
+                                               socket.AI_NUMERICHOST)
+        except:
+            return False
+        return canonical == certCanonical
+
 
 if __name__ == '__main__':
     import doctest