Rev 6491: (gz) Use correct host name for checking certificates when using a proxy for in file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/2.5/
Patch Queue Manager
pqm at pqm.ubuntu.com
Mon Mar 12 18:34:05 UTC 2012
At file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/2.5/
------------------------------------------------------------
revno: 6491 [merge]
revision-id: pqm at pqm.ubuntu.com-20120312183404-r5kf7ug5so2xmski
parent: pqm at pqm.ubuntu.com-20120312180647-mkadzywe7jc178lr
parent: martin.packman at canonical.com-20120312172004-i89m5mygc8prunro
committer: Patch Queue Manager <pqm at pqm.ubuntu.com>
branch nick: 2.5
timestamp: Mon 2012-03-12 18:34:04 +0000
message:
(gz) Use correct host name for checking certificates when using a proxy for
https (Martin Packman)
modified:
bzrlib/transport/http/_urllib2_wrappers.py _urllib2_wrappers.py-20060913231729-ha9ugi48ktx481ao-1
doc/en/release-notes/bzr-2.5.txt bzr2.5.txt-20110708125756-587p0hpw7oke4h05-1
=== modified file 'bzrlib/transport/http/_urllib2_wrappers.py'
--- a/bzrlib/transport/http/_urllib2_wrappers.py 2012-02-21 12:16:02 +0000
+++ b/bzrlib/transport/http/_urllib2_wrappers.py 2012-03-09 17:29:54 +0000
@@ -476,9 +476,12 @@
# FIXME JRV 2011-12-18: Use location config here?
config_stack = config.GlobalStack()
cert_reqs = config_stack.get('ssl.cert_reqs')
+ if self.proxied_host is not None:
+ host = self.proxied_host.split(":", 1)[0]
+ else:
+ host = self.host
if cert_reqs == ssl.CERT_NONE:
- trace.warning("Not checking SSL certificate for %s: %d",
- self.host, self.port)
+ trace.warning("Not checking SSL certificate for %s", host)
ca_certs = None
else:
if self.ca_certs is None:
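Review bot: the host extraction in `host = self.proxied_host.split(":", 1)[0]` assumes proxied_host is always of the form name:port. A bracketed IPv6 literal (for example a constructed value like [::1]:443) would be cut at the first colon, leaving "[" as the name later handed to certificate matching. Consider splitting from the right with rsplit(":", 1) and stripping the brackets, or reusing an existing host/port parser. The reworded warning also drops the port that the old message logged; for the proxied case the destination port would still be useful in the log line.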
@@ -503,7 +506,7 @@
raise
if cert_reqs == ssl.CERT_REQUIRED:
peer_cert = ssl_sock.getpeercert()
- match_hostname(peer_cert, self.host)
+ match_hostname(peer_cert, host)
# Wrap the ssl socket before anybody use it
self._wrap_socket_for_reporting(ssl_sock)
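Review bot: the change to `match_hostname(peer_cert, host)` comes without a test; the modified list names only _urllib2_wrappers.py and the release notes. A regression test that sets proxied_host and asserts that the destination name, not the proxy's, reaches match_hostname would keep this from silently reverting. It would also be worth a short comment near the call saying that host is the tunnelled destination when proxied_host is set, since the variable is assigned well above this point.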
=== modified file 'doc/en/release-notes/bzr-2.5.txt'
--- a/doc/en/release-notes/bzr-2.5.txt 2012-03-12 14:44:51 +0000
+++ b/doc/en/release-notes/bzr-2.5.txt 2012-03-12 18:34:04 +0000
@@ -32,6 +32,10 @@
.. Fixes for situations where bzr would previously crash or give incorrect
or undesirable results.
+* Connecting with HTTPS via HTTP now correctly uses the host name of the
+ destination rather than the proxy when checking certificates.
+ (Martin Packman, #944696)
+
* Fixed merge tool availability checking and invocation to search the
Windows App Path registry in addition to the PATH. (Gordon Tyler, #939605)
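Review bot: the new entry's first line reads "Connecting with HTTPS via HTTP", which drops the word "proxy" and is hard to parse on its own. Suggest "Connecting with HTTPS via an HTTP proxy now correctly uses the host name of the destination rather than the proxy when checking certificates", which matches the wording of the commit message.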