backports.ssl_match_hostname-3.4.0.2/0000775000175000017500000000000012233264123020212 5ustar badgerbadger00000000000000backports.ssl_match_hostname-3.4.0.2/setup.cfg0000664000175000017500000000007312233264123022033 0ustar badgerbadger00000000000000[egg_info] tag_build = tag_date = 0 tag_svn_revision = 0 backports.ssl_match_hostname-3.4.0.2/PKG-INFO0000664000175000017500000000571312233264123021315 0ustar badgerbadger00000000000000Metadata-Version: 1.1 Name: backports.ssl_match_hostname Version: 3.4.0.2 Summary: The ssl.match_hostname() function from Python 3.4 Home-page: http://bitbucket.org/brandon/backports.ssl_match_hostname Author: Brandon Craig Rhodes Author-email: brandon@rhodesmill.org License: UNKNOWN Description: The Secure Sockets layer is only actually *secure* if you check the hostname in the certificate returned by the server to which you are connecting, and verify that it matches to hostname that you are trying to reach. But the matching logic, defined in `RFC2818`_, can be a bit tricky to implement on your own. So the ``ssl`` package in the Standard Library of Python 3.2 and greater now includes a ``match_hostname()`` function for performing this check instead of requiring every application to implement the check separately. This backport brings ``match_hostname()`` to users of earlier versions of Python. Simply make this distribution a dependency of your package, and then use it like this:: from backports.ssl_match_hostname import match_hostname, CertificateError ... sslsock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_REQUIRED, ca_certs=...) try: match_hostname(sslsock.getpeercert(), hostname) except CertificateError, ce: ... Note that the ``ssl`` module is only included in the Standard Library for Python 2.6 and later; users of Python 2.5 or earlier versions will also need to install the ``ssl`` distribution from the Python Package Index to use code like that shown above. Brandon Craig Rhodes is merely the packager of this distribution; the actual code inside comes verbatim from Python 3.4. History ------- * This function was introduced in python-3.2 * It was updated for python-3.4a1 for a CVE (backports-ssl_match_hostname-3.4.0.1) * It was updated from RFC2818 to RFC 6125 compliance in order to fix another security flaw for python-3.3.3 and python-3.4a5 (backports-ssl_match_hostname-3.4.0.2) .. _RFC2818: http://tools.ietf.org/html/rfc2818.html Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: License :: OSI Approved :: Python Software Foundation License Classifier: Programming Language :: Python :: 2.4 Classifier: Programming Language :: Python :: 2.5 Classifier: Programming Language :: Python :: 2.6 Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.0 Classifier: Programming Language :: Python :: 3.1 Classifier: Topic :: Security :: Cryptography backports.ssl_match_hostname-3.4.0.2/setup.py0000644000175000017500000000560712233264107021734 0ustar badgerbadger00000000000000# -*- coding: utf-8 -*- # This setup.py was generated automatically by Pyron. # For details, see http://pypi.python.org/pypi/pyron/ from setuptools import setup, find_packages setup( name = 'backports.ssl_match_hostname', version = '3.4.0.2', description = 'The ssl.match_hostname() function from Python 3.4', long_description = '\nThe Secure Sockets layer is only actually *secure*\nif you check the hostname in the certificate returned\nby the server to which you are connecting,\nand verify that it matches to hostname\nthat you are trying to reach.\n\nBut the matching logic, defined in `RFC2818`_,\ncan be a bit tricky to implement on your own.\nSo the ``ssl`` package in the Standard Library of Python 3.2\nand greater now includes a ``match_hostname()`` function\nfor performing this check instead of requiring every application\nto implement the check separately.\n\nThis backport brings ``match_hostname()`` to users\nof earlier versions of Python.\nSimply make this distribution a dependency of your package,\nand then use it like this::\n\n from backports.ssl_match_hostname import match_hostname, CertificateError\n ...\n sslsock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_SSLv3,\n cert_reqs=ssl.CERT_REQUIRED, ca_certs=...)\n try:\n match_hostname(sslsock.getpeercert(), hostname)\n except CertificateError, ce:\n ...\n\nNote that the ``ssl`` module is only included in the Standard Library\nfor Python 2.6 and later;\nusers of Python 2.5 or earlier versions\nwill also need to install the ``ssl`` distribution\nfrom the Python Package Index to use code like that shown above.\n\nBrandon Craig Rhodes is merely the packager of this distribution;\nthe actual code inside comes verbatim from Python 3.4.\n\nHistory\n-------\n* This function was introduced in python-3.2\n* It was updated for python-3.4a1 for a CVE \n (backports-ssl_match_hostname-3.4.0.1)\n* It was updated from RFC2818 to RFC 6125 compliance in order to fix another\n security flaw for python-3.3.3 and python-3.4a5\n (backports-ssl_match_hostname-3.4.0.2)\n\n\n.. _RFC2818: http://tools.ietf.org/html/rfc2818.html\n\n', author = 'Brandon Craig Rhodes', author_email = 'brandon@rhodesmill.org', url = 'http://bitbucket.org/brandon/backports.ssl_match_hostname', classifiers = ['Development Status :: 5 - Production/Stable', 'License :: OSI Approved :: Python Software Foundation License', 'Programming Language :: Python :: 2.4', 'Programming Language :: Python :: 2.5', 'Programming Language :: Python :: 2.6', 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3', 'Programming Language :: Python :: 3.0', 'Programming Language :: Python :: 3.1', 'Topic :: Security :: Cryptography'], package_dir = {'': 'src'}, packages = find_packages('src'), include_package_data = True, install_requires = [], entry_points = '', ) backports.ssl_match_hostname-3.4.0.2/MANIFEST.in0000644000175000017500000000003012233263650021743 0ustar badgerbadger00000000000000recursive-include src * backports.ssl_match_hostname-3.4.0.2/src/0000775000175000017500000000000012233264123021001 5ustar badgerbadger00000000000000backports.ssl_match_hostname-3.4.0.2/src/backports.ssl_match_hostname.egg-info/0000775000175000017500000000000012233264123030335 5ustar badgerbadger00000000000000backports.ssl_match_hostname-3.4.0.2/src/backports.ssl_match_hostname.egg-info/top_level.txt0000664000175000017500000000001212233264123033060 0ustar badgerbadger00000000000000backports backports.ssl_match_hostname-3.4.0.2/src/backports.ssl_match_hostname.egg-info/PKG-INFO0000664000175000017500000000571312233264123031440 0ustar badgerbadger00000000000000Metadata-Version: 1.1 Name: backports.ssl-match-hostname Version: 3.4.0.2 Summary: The ssl.match_hostname() function from Python 3.4 Home-page: http://bitbucket.org/brandon/backports.ssl_match_hostname Author: Brandon Craig Rhodes Author-email: brandon@rhodesmill.org License: UNKNOWN Description: The Secure Sockets layer is only actually *secure* if you check the hostname in the certificate returned by the server to which you are connecting, and verify that it matches to hostname that you are trying to reach. But the matching logic, defined in `RFC2818`_, can be a bit tricky to implement on your own. So the ``ssl`` package in the Standard Library of Python 3.2 and greater now includes a ``match_hostname()`` function for performing this check instead of requiring every application to implement the check separately. This backport brings ``match_hostname()`` to users of earlier versions of Python. Simply make this distribution a dependency of your package, and then use it like this:: from backports.ssl_match_hostname import match_hostname, CertificateError ... sslsock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_REQUIRED, ca_certs=...) try: match_hostname(sslsock.getpeercert(), hostname) except CertificateError, ce: ... Note that the ``ssl`` module is only included in the Standard Library for Python 2.6 and later; users of Python 2.5 or earlier versions will also need to install the ``ssl`` distribution from the Python Package Index to use code like that shown above. Brandon Craig Rhodes is merely the packager of this distribution; the actual code inside comes verbatim from Python 3.4. History ------- * This function was introduced in python-3.2 * It was updated for python-3.4a1 for a CVE (backports-ssl_match_hostname-3.4.0.1) * It was updated from RFC2818 to RFC 6125 compliance in order to fix another security flaw for python-3.3.3 and python-3.4a5 (backports-ssl_match_hostname-3.4.0.2) .. _RFC2818: http://tools.ietf.org/html/rfc2818.html Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: License :: OSI Approved :: Python Software Foundation License Classifier: Programming Language :: Python :: 2.4 Classifier: Programming Language :: Python :: 2.5 Classifier: Programming Language :: Python :: 2.6 Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.0 Classifier: Programming Language :: Python :: 3.1 Classifier: Topic :: Security :: Cryptography backports.ssl_match_hostname-3.4.0.2/src/backports.ssl_match_hostname.egg-info/SOURCES.txt0000664000175000017500000000062412233264123032223 0ustar badgerbadger00000000000000MANIFEST.in setup.py src/backports/__init__.py src/backports.ssl_match_hostname.egg-info/PKG-INFO src/backports.ssl_match_hostname.egg-info/SOURCES.txt src/backports.ssl_match_hostname.egg-info/dependency_links.txt src/backports.ssl_match_hostname.egg-info/top_level.txt src/backports/ssl_match_hostname/LICENSE.txt src/backports/ssl_match_hostname/README.txt src/backports/ssl_match_hostname/__init__.pybackports.ssl_match_hostname-3.4.0.2/src/backports.ssl_match_hostname.egg-info/dependency_links.txt0000664000175000017500000000000112233264123034403 0ustar badgerbadger00000000000000 backports.ssl_match_hostname-3.4.0.2/src/backports/0000775000175000017500000000000012233264123022771 5ustar badgerbadger00000000000000backports.ssl_match_hostname-3.4.0.2/src/backports/ssl_match_hostname/0000775000175000017500000000000012233264123026644 5ustar badgerbadger00000000000000backports.ssl_match_hostname-3.4.0.2/src/backports/ssl_match_hostname/__init__.py0000644000175000017500000000710212233263650030757 0ustar badgerbadger00000000000000"""The match_hostname() function from Python 3.3.3, essential when using SSL.""" import re __version__ = '3.4.0.2' class CertificateError(ValueError): pass def _dnsname_match(dn, hostname, max_wildcards=1): """Matching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 """ pats = [] if not dn: return False # Ported from python3-syntax: # leftmost, *remainder = dn.split(r'.') parts = dn.split(r'.') leftmost = parts[0] remainder = parts[1:] wildcards = leftmost.count('*') if wildcards > max_wildcards: # Issue #17980: avoid denials of service by refusing more # than one wildcard per fragment. A survey of established # policy among SSL implementations showed it to be a # reasonable choice. raise CertificateError( "too many wildcards in certificate DNS name: " + repr(dn)) # speed up common case w/o wildcards if not wildcards: return dn.lower() == hostname.lower() # RFC 6125, section 6.4.3, subitem 1. # The client SHOULD NOT attempt to match a presented identifier in which # the wildcard character comprises a label other than the left-most label. if leftmost == '*': # When '*' is a fragment by itself, it matches a non-empty dotless # fragment. pats.append('[^.]+') elif leftmost.startswith('xn--') or hostname.startswith('xn--'): # RFC 6125, section 6.4.3, subitem 3. # The client SHOULD NOT attempt to match a presented identifier # where the wildcard character is embedded within an A-label or # U-label of an internationalized domain name. pats.append(re.escape(leftmost)) else: # Otherwise, '*' matches any dotless string, e.g. www* pats.append(re.escape(leftmost).replace(r'\*', '[^.]*')) # add the remaining fragments, ignore any wildcards for frag in remainder: pats.append(re.escape(frag)) pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE) return pat.match(hostname) def match_hostname(cert, hostname): """Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. """ if not cert: raise ValueError("empty or no certificate") dnsnames = [] san = cert.get('subjectAltName', ()) for key, value in san: if key == 'DNS': if _dnsname_match(value, hostname): return dnsnames.append(value) if not dnsnames: # The subject is only checked when there is no dNSName entry # in subjectAltName for sub in cert.get('subject', ()): for key, value in sub: # XXX according to RFC 2818, the most specific Common Name # must be used. if key == 'commonName': if _dnsname_match(value, hostname): return dnsnames.append(value) if len(dnsnames) > 1: raise CertificateError("hostname %r " "doesn't match either of %s" % (hostname, ', '.join(map(repr, dnsnames)))) elif len(dnsnames) == 1: raise CertificateError("hostname %r " "doesn't match %r" % (hostname, dnsnames[0])) else: raise CertificateError("no appropriate commonName or " "subjectAltName fields were found") backports.ssl_match_hostname-3.4.0.2/src/backports/ssl_match_hostname/LICENSE.txt0000644000175000017500000000460312233263650030474 0ustar badgerbadger00000000000000Python License (Python-2.0) Python License, Version 2 (Python-2.0) PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2 -------------------------------------------- 1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and the Individual or Organization ("Licensee") accessing and otherwise using this software ("Python") in source or binary form and its associated documentation. 2. Subject to the terms and conditions of this License Agreement, PSF hereby grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use Python alone or in any derivative version, provided, however, that PSF's License Agreement and PSF's notice of copyright, i.e., "Copyright (c) 2001-2013 Python Software Foundation; All Rights Reserved" are retained in Python alone or in any derivative version prepared by Licensee. 3. In the event Licensee prepares a derivative work that is based on or incorporates Python or any part thereof, and wants to make the derivative work available to others as provided herein, then Licensee hereby agrees to include in any such work a brief summary of the changes made to Python. 4. PSF is making Python available to Licensee on an "AS IS" basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 6. This License Agreement will automatically terminate upon a material breach of its terms and conditions. 7. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between PSF and Licensee. This License Agreement does not grant permission to use PSF trademarks or trade name in a trademark sense to endorse or promote products or services of Licensee, or any third party. 8. By copying, installing or otherwise using Python, Licensee agrees to be bound by the terms and conditions of this License Agreement. backports.ssl_match_hostname-3.4.0.2/src/backports/ssl_match_hostname/README.txt0000644000175000017500000000353712233263650030354 0ustar badgerbadger00000000000000 The ssl.match_hostname() function from Python 3.4 ================================================= The Secure Sockets layer is only actually *secure* if you check the hostname in the certificate returned by the server to which you are connecting, and verify that it matches to hostname that you are trying to reach. But the matching logic, defined in `RFC2818`_, can be a bit tricky to implement on your own. So the ``ssl`` package in the Standard Library of Python 3.2 and greater now includes a ``match_hostname()`` function for performing this check instead of requiring every application to implement the check separately. This backport brings ``match_hostname()`` to users of earlier versions of Python. Simply make this distribution a dependency of your package, and then use it like this:: from backports.ssl_match_hostname import match_hostname, CertificateError ... sslsock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_REQUIRED, ca_certs=...) try: match_hostname(sslsock.getpeercert(), hostname) except CertificateError, ce: ... Note that the ``ssl`` module is only included in the Standard Library for Python 2.6 and later; users of Python 2.5 or earlier versions will also need to install the ``ssl`` distribution from the Python Package Index to use code like that shown above. Brandon Craig Rhodes is merely the packager of this distribution; the actual code inside comes verbatim from Python 3.4. History ------- * This function was introduced in python-3.2 * It was updated for python-3.4a1 for a CVE (backports-ssl_match_hostname-3.4.0.1) * It was updated from RFC2818 to RFC 6125 compliance in order to fix another security flaw for python-3.3.3 and python-3.4a5 (backports-ssl_match_hostname-3.4.0.2) .. _RFC2818: http://tools.ietf.org/html/rfc2818.html backports.ssl_match_hostname-3.4.0.2/src/backports/__init__.py0000644000175000017500000000023312233263650025102 0ustar badgerbadger00000000000000# This is a Python "namespace package" http://www.python.org/dev/peps/pep-0382/ from pkgutil import extend_path __path__ = extend_path(__path__, __name__)