[Bug 1788262] Re: backport request of upstream commit c74bd70c3a97e30f0560bee9b7fa1bfc767ebf0b on xenial

Eric Desrochers eric.desrochers at canonical.com
Tue Aug 21 18:21:47 UTC 2018 

** Tags added: sts

** Also affects: python-urllib3 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: python-urllib3 (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-urllib3 in Ubuntu.
https://bugs.launchpad.net/bugs/1788262

Title:
  backport request of upstream commit
  c74bd70c3a97e30f0560bee9b7fa1bfc767ebf0b on xenial

Status in python-urllib3 package in Ubuntu:
  Fix Released
Status in python-urllib3 source package in Xenial:
  Confirmed

Bug description:
  ** DRAFT in progress...**

  [Impact]
  The urllib3 library is not using the alternative name field on a TLS certificate to validate the certificate. The problem has been fixed, and we want to take advantage of the fix in Xenial.

  "Initial error that was hit while using requests to query an endpoint
  by ip with a self signed cert:

  requests.exceptions.SSLError: hostname 'XX.XX.XX.XXX' doesn't match
  either of 'XXXX', 'YYYY', 'ZZZZ'

  [Test Case]
  TBD

  [Regression Potential]
  TBD

  [Other Info]

  # Upstream commit :
  Add support for IP address SAN fields.
  https://github.com/urllib3/urllib3/commit/c74bd70c3a97e30f0560bee9b7fa1bfc767ebf0b

  Xenial only is affected, Bionic & Cosmic already has the change:

  # Upstream
   git describe --contains c74bd70
   1.18^2~4

  # Rmadison
   python-urllib3 | 1.13.1-2                | xenial         | source, all
   python-urllib3 | 1.13.1-2ubuntu0.16.04.1 | xenial-updates | source, all
   python-urllib3 | 1.22-1                  | bionic         | source, all
   python-urllib3 | 1.22-1                  | cosmic         | source, all

  [Original Description]
  Please backport
  https://github.com/urllib3/urllib3/commit/c74bd70c3a97e30f0560bee9b7fa1bfc767ebf0b
  to urllib3 on xenial.

  The urllib3 library is not using the alternative name field on a TLS
  certificate to validate the certificate. The problem has been fixed,
  and we want to take advantage of the fix in Xenial.

  Earliest version of urllib3 library that incorporates this change: 1.18
  Earliest version of requests library that bundles this: 2.12.0 (which is actually using urllib3 1.19)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-urllib3/+bug/1788262/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list