group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1788262] Re: Add support for IP address SAN fields.

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: James Page <james.page@xxxxxxxxxx>
Date: Wed, 22 Aug 2018 08:29:38 -0000
Reply-to: Bug 1788262 <1788262@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a duplicate of bug 1771988 ***
    https://bugs.launchpad.net/bugs/1771988

** This bug has been marked a duplicate of bug 1771988
   certificate validation with IP address based SAN's fails

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1788262

Title:
  Add support for IP address SAN fields.

Status in python-urllib3 package in Ubuntu:
  Fix Released
Status in python-urllib3 source package in Xenial:
  Confirmed

Bug description:
  ** DRAFT in progress...**

  [Impact]
  The urllib3 library is not using the alternative name field on a TLS certificate to validate the certificate. The problem has been fixed, and we want to take advantage of the fix in Xenial.

  "Initial error that was hit while using requests to query an endpoint
  by ip with a self signed cert:

  requests.exceptions.SSLError: hostname 'XX.XX.XX.XXX' doesn't match
  either of 'XXXX', 'YYYY', 'ZZZZ'

  [Test Case]
  TBD

  [Regression Potential]
  TBD

  Fix already found in Bionic and Cosmic without reported issue since
  then about it nor upstream.

  [Other Info]

  # Upstream bug:
  https://github.com/urllib3/urllib3/issues/258

  # Upstream PR:
  https://github.com/urllib3/urllib3/pull/922

  # Upstream commit :
  Add support for IP address SAN fields.
  https://github.com/urllib3/urllib3/commit/c74bd70c3a97e30f0560bee9b7fa1bfc767ebf0b

  Xenial only is affected, Bionic & Cosmic already has the change:

  # Upstream
   git describe --contains c74bd70
   1.18

  # Rmadison
   python-urllib3 | 1.13.1-2                | xenial
   ==> python-urllib3 | 1.13.1-2ubuntu0.16.04.1 | xenial-updates
   python-urllib3 | 1.22-1                  | bionic
   python-urllib3 | 1.22-1                  | cosmic

  [Original Description]
  Please backport
  https://github.com/urllib3/urllib3/commit/c74bd70c3a97e30f0560bee9b7fa1bfc767ebf0b
  to urllib3 on xenial.

  The urllib3 library is not using the alternative name field on a TLS
  certificate to validate the certificate. The problem has been fixed,
  and we want to take advantage of the fix in Xenial.

  Earliest version of urllib3 library that incorporates this change: 1.18
  Earliest version of requests library that bundles this: 2.12.0 (which is actually using urllib3 1.19)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-urllib3/+bug/1788262/+subscriptions