[Bug 1815481] Re: python-httplib2 needs to support SNI for OpenSSL 1.1.1

[Launchpad Bug Tracker]

This bug was fixed in the package python-httplib2 - 0.9.2+dfsg-
1ubuntu0.1

---------------
python-httplib2 (0.9.2+dfsg-1ubuntu0.1) bionic; urgency=medium

  * Cherrypick upstream fixes to set SNI hostname in python2 client. LP:
    #1815481

 -- Dimitri John Ledkov <xnox at ubuntu.com>  Wed, 12 Dec 2018 19:20:12
+1100

** Changed in: python-httplib2 (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python-httplib2 in Ubuntu.
https://bugs.launchpad.net/bugs/1815481

Title:
  python-httplib2 needs to support SNI for OpenSSL 1.1.1

Status in python-httplib2 package in Ubuntu:
  Fix Released
Status in python-httplib2 source package in Bionic:
  Fix Released
Status in python-httplib2 package in Debian:
  Fix Released

Bug description:
  [Impact]

   * OpenSSL 1.1.1 performs SNI hostname verification, therefore
  hostname SSL context option must be set when establishing the
  connection, otherwise, validation of SNI certificates fail and thus
  resulting in lack of connectivity.

  [Test Case]

   * use python-httplib2 to connect to an SNI tls protected host

  [Regression Potential]

   * change is compatible with pythons/openssl versions shipped in bionic-release
   * change is from upstream / tested in debian & disco
   * change improves security, and is compatible with deployed servers out there
   * hosts with certificates not matching their actual hostname will remain invalid/untrusted

  [Additional info]
  To install python & openssl 1.1.1 on Bionic you may enable and use the below silo, which will then exhibit the enforcement of SNI hostname verification.

  sudo add-apt-repository ppa:ci-train-ppa-service/3473
  sudo apt-get update

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-httplib2/+bug/1815481/+subscriptions