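--- a/setuptools/ssl_support.py
+++ b/setuptools/ssl_support.py
@@ -194,6 +194,12 @@
 sock = create_connection(
 (self.host, self.port), getattr(self,'source_address',None)
 )
+
+ # Handle the socket if a (proxy) tunnel is present
+ if hasattr(self, '_tunnel') and getattr(self, '_tunnel_host', None):
+ self.sock = sock
+ self._tunnel()
+
 self.sock = ssl.wrap_socket(
 sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle
 )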
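Review bot: The tunnel guard depends on two private httplib attributes, `_tunnel` and `_tunnel_host`, and the added comment does not say what happens when either is missing: the branch is skipped silently and the TLS handshake below runs against whatever `self.host` names. That path still looks fail-closed because `cert_reqs=ssl.CERT_REQUIRED` is kept, but the resulting error would point at the certificate rather than at the proxy setup. I would expand the comment to `# Proxy tunnel: _tunnel() (private httplib API) sends CONNECT in cleartext over sock; TLS to the origin starts only after it returns.` so the ordering and the dependency are explicit. The enclosing method starts before and ends after this hunk.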
088a3c |
# HG changeset patch
088a3c |
# User Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com>
088a3c |
# Date 1404396219 -10800
088a3c |
# Node ID ca4b86f318ecf4cb46462e65a86fc814295124e8
088a3c |
# Parent 2381b11608897723145601dac345b9a4c981f3cb
088a3c |
ssl_support: Adjust to tunneling changes in Python 2.7.7 and 3.4.1.
088a3c |
088a3c |
The fix for https://bugs.python.org/issue7776 changed httplib.HTTPConnection's
088a3c |
handling of tunneling: `host' now points to the proxy host, so we have to
088a3c |
adjust the code to perform the certificate validation on `_tunnel_host' instead
088a3c |
when it is available.
088a3c |
088a3c |
diff --git a/setuptools/ssl_support.py b/setuptools/ssl_support.py
088a3c |
--- a/setuptools/ssl_support.py
088a3c |
+++ b/setuptools/ssl_support.py
088a3c |
@@ -178,12 +178,19 @@
088a3c |
if hasattr(self, '_tunnel') and getattr(self, '_tunnel_host', None):
088a3c |
self.sock = sock
088a3c |
self._tunnel()
088a3c |
+ # http://bugs.python.org/issue7776: Python>=3.4.1 and >=2.7.7
088a3c |
+ # change self.host to mean the proxy server host when tunneling is
088a3c |
+ # being used. Adapt, since we are interested in the destination
088a3c |
+ # host for the match_hostname() comparison.
088a3c |
+ actual_host = self._tunnel_host
088a3c |
+ else:
088a3c |
+ actual_host = self.host
088a3c |
088a3c |
self.sock = ssl.wrap_socket(
088a3c |
sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle
088a3c |
)
088a3c |
try:
088a3c |
- match_hostname(self.sock.getpeercert(), self.host)
088a3c |
+ match_hostname(self.sock.getpeercert(), actual_host)
088a3c |
except CertificateError:
088a3c |
self.sock.shutdown(socket.SHUT_RDWR)
088a3c |
self.sock.close()
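Review bot: The added comment explains why `self.host` is wrong on Python>=3.4.1 and >=2.7.7, but the code uses `self._tunnel_host` for `match_hostname()` on every interpreter whenever a tunnel is set, and nothing here says that this is also the destination host on older versions. If that holds (it depends on httplib behaviour not visible in this hunk), I would add `# _tunnel_host names the destination on older versions as well, so it is used unconditionally.` after the existing comment. It would also help to state the invariant directly, `# The certificate must always be checked against the host the caller asked for, never the proxy.`, so a later refactor does not fall back to `self.host`. The enclosing method starts before and continues after this hunk.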