Skip to content

bpo-23033: consider wildcard in left most segment only for domain names #937

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Nov 26, 2017
Merged

bpo-23033: consider wildcard in left most segment only for domain names #937

merged 10 commits into from
Nov 26, 2017

Conversation

daxlab
Copy link
Contributor

@daxlab daxlab commented Apr 1, 2017
edited by bedevere-bot
Loading

@mention-bot
Copy link

@daxlab, thanks for your PR! By analyzing the history of the files in this pull request, we identified @janssen, @Yhg1s and @tiran to be potential reviewers.

@alex
Copy link
Member

alex commented Apr 1, 2017

Looks like there is a relevant failing ssl test.

@daxlab
Copy link
Contributor Author

daxlab commented Apr 2, 2017

@alex review now.

alex
alex requested changes Apr 2, 2017
View reviewed changes
Copy link
Member

@alex alex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a few small comments.

Thanks for working on this! This is a great improvement to making match_hostname behave more like the rest of the PKI infrastructure.

Lib/ssl.py Outdated
if wildcards > max_wildcards:
if wildcards == 1 and len(leftmost) > 1:
""" Only match wildcard in leftmost segment.
"""
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Please use a # style comment. """ is for docstrings.

Lib/test/test_ssl.py Outdated
@@ -480,10 +480,10 @@ def fail(cert, hostname):
fail(cert, 'Xa.com')
fail(cert, '.a.com')

# only match one left-most wildcard
# only match wildcard in left-most segment
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment still doesn't fell right, there is a wildcard in the left-most segment. I think it should say something like "only match wildcards when they are the only thing in the left-most segment". What do you think?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds much better, pushing the changes.

@alex
Copy link
Member

alex commented Apr 2, 2017

Doc failures are not your fault, sphinx-doc/sphinx#3597 is the cause.

@daxlab
Copy link
Contributor Author

daxlab commented Apr 2, 2017

@alex anything else needed from my side ?

@alex
Copy link
Member

alex commented Apr 2, 2017

This looks good to me. I'll probably ask for another review before landing. Thanks so much!

reaperhulk
reaperhulk approved these changes Apr 2, 2017
View reviewed changes
Copy link

@reaperhulk reaperhulk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Wildcards should be honored iff they are the leftmost fragment and are the only character in that fragment.

@alex alex mentioned this pull request Apr 2, 2017
Merged
@tiran
Copy link
Member

tiran commented Apr 2, 2017

You are almost there! Please add a versionchanged:: 3.7 to match_hostname documentation in Doc/library/ssl.rst.

tiran
tiran requested changes Apr 2, 2017
View reviewed changes
Copy link
Member

@tiran tiran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

versionchanged in documentation is missing.

@daxlab
Copy link
Contributor Author

daxlab commented Apr 2, 2017
edited
Loading

@tiran version changed docs added. Should that go in Doc/whatsnew/3.7.rst also ?

tiran
tiran approved these changes Apr 2, 2017
View reviewed changes
Copy link
Member

@tiran tiran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much for your contribution, @daxlab. Your work is an excellent base to clean up and simplify the host matching code even further.

@alex the change is backwards incompatible. I've asked Ben and Ned if they are fine with backports to 2.7 and 3.6.

@daxlab daxlab force-pushed the bpo-23033 branch 2 times, most recently from 31c911b to 2416d6a Compare April 2, 2017 18:53
@daxlab
Copy link
Contributor Author

daxlab commented Apr 3, 2017

@tiran @alex can we merge this ?

@tiran
Copy link
Member

tiran commented Apr 4, 2017

@daxlab @alex I'm waiting for confirmation regarding backport to 3.6 and 2.7.

berkerpeksag
berkerpeksag reviewed Apr 19, 2017
View reviewed changes
Copy link
Member

@berkerpeksag berkerpeksag left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we also need to add an entry to Misc/NEWS.

Doc/whatsnew/3.7.rst Outdated
@@ -273,6 +273,10 @@ Changes in the Python API
``makedirs()``.
(Contributed by Serhiy Storchaka in :issue:`19930`.)

* Now wildcard is supported in hostname when it is one and only character in the
left most segment of hostname in second argument of :meth:`match_hostname`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd change :meth:`match_hostname` to :meth:`ssl.match_hostname`. This would create a link to the ssl.match_hostname() documentation.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@berkerpeksag thanks for review. I have pushed a fix.

Mariatta
Mariatta reviewed Jun 12, 2017
View reviewed changes
Misc/NEWS Outdated
@@ -313,6 +313,9 @@ Extension Modules
Library
-------

- bpo-23033: Now wildcard is supported in hostname when it is one and only
character in the left most segment of hostname.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add "Patch by Mandeep Singh."

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done.

@Mariatta
Copy link
Member

Please add yourself to Misc/ACKS, resolve the conflict and update Misc/NEWS.
Thanks.

@daxlab
Copy link
Contributor Author

daxlab commented Jul 2, 2017

@Mariatta changes pushed.

@daxlab daxlab requested a review from a team October 1, 2017 07:19
@daxlab daxlab requested a review from a team as a code owner October 1, 2017 07:19
@the-knights-who-say-ni
Copy link

Hello, and thanks for your contribution!

I'm a bot set up to make sure that the project can legally accept your contribution by verifying you have signed the PSF contributor agreement (CLA).

Unfortunately our records indicate you have not signed the CLA. For legal reasons we need you to sign this before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue.

Thanks again to your contribution and we look forward to looking at it!

@brettcannon brettcannon changed the title bpo-23033: consider wildcard in left most segment only bpo-23033: consider wildcard in left most segment only for domain names Oct 2, 2017
@Mariatta
Copy link
Member

Thanks @daxlab for your patience with this PR, sorry it's taking a while.
I think this can go to 3.7.
Could you rebase this to make it up to date? We need the news entry in Misc/NEWS.d/, it can be generated using blurb.

@daxlab
Copy link
Contributor Author

daxlab commented Nov 24, 2017

@Mariatta will update the PR tonight.

@daxlab
Copy link
Contributor Author

daxlab commented Nov 26, 2017

@Mariatta I have rebased the PR and added news entry in Misc/NEWS.d/

@Mariatta
Copy link
Member

Thanks. I made minor changes and added you to Misc/ACKs. Waiting until CI is done.

@Mariatta Mariatta merged commit ede2ac9 into python:master Nov 26, 2017
@Mariatta
Copy link
Member

Thanks again @daxlab and congrats on your first contribution to CPython 🌮

@daxlab daxlab deleted the bpo-23033 branch November 27, 2017 04:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@berkerpeksag berkerpeksag berkerpeksag left review comments

@alex alex alex approved these changes

@reaperhulk reaperhulk reaperhulk approved these changes

@tiran tiran tiran approved these changes

@Mariatta Mariatta Mariatta approved these changes

@1st1 1st1 Awaiting requested review from 1st1

@gpshead gpshead Awaiting requested review from gpshead

@ncoghlan ncoghlan Awaiting requested review from ncoghlan

@rhettinger rhettinger Awaiting requested review from rhettinger

@skrah skrah Awaiting requested review from skrah

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@daxlab @mention-bot @alex @tiran @Mariatta @the-knights-who-say-ni @berkerpeksag @reaperhulk @bedevere-bot