THRIFT-4026 TSSLSocket doesn't work with Python < 2.7.9
This closes #1166
diff --git a/lib/py/src/transport/sslcompat.py b/lib/py/src/transport/sslcompat.py
index 7bf5e06..8ad4ce4 100644
--- a/lib/py/src/transport/sslcompat.py
+++ b/lib/py/src/transport/sslcompat.py
@@ -25,7 +25,7 @@
logger = logging.getLogger(__name__)
-def legacy_validate_callback(self, cert, hostname):
+def legacy_validate_callback(cert, hostname):
"""legacy method to validate the peer's SSL certificate, and to check
the commonName of the certificate to ensure it matches the hostname we
used to make this connection. Does not support subjectAltName records
@@ -36,7 +36,7 @@
if 'subject' not in cert:
raise TTransportException(
TTransportException.NOT_OPEN,
- 'No SSL certificate found from %s:%s' % (self.host, self.port))
+ 'No SSL certificate found from %s' % hostname)
fields = cert['subject']
for field in fields:
# ensure structure we get back is what we expect
@@ -57,7 +57,7 @@
raise TTransportException(
TTransportException.UNKNOWN,
'Hostname we connected to "%s" doesn\'t match certificate '
- 'provided commonName "%s"' % (self.host, certhost))
+ 'provided commonName "%s"' % (hostname, certhost))
raise TTransportException(
TTransportException.UNKNOWN,
'Could not validate SSL certificate from host "%s". Cert=%s'
diff --git a/lib/py/test/test_sslsocket.py b/lib/py/test/test_sslsocket.py
index 3e4b266..8951618 100644
--- a/lib/py/test/test_sslsocket.py
+++ b/lib/py/test/test_sslsocket.py
@@ -237,6 +237,9 @@
self._assert_connection_success(server, cert_reqs=ssl.CERT_REQUIRED, ca_certs=SERVER_CERT)
def test_client_cert(self):
+ if not _match_has_ipaddress:
+ print('skipping test_client_cert')
+ return
server = self._server_socket(
cert_reqs=ssl.CERT_REQUIRED, keyfile=SERVER_KEY,
certfile=SERVER_CERT, ca_certs=CLIENT_CERT)
@@ -333,7 +336,7 @@
if __name__ == '__main__':
logging.basicConfig(level=logging.WARN)
- from thrift.transport.TSSLSocket import TSSLSocket, TSSLServerSocket
+ from thrift.transport.TSSLSocket import TSSLSocket, TSSLServerSocket, _match_has_ipaddress
from thrift.transport.TTransport import TTransportException
unittest.main()