From 7773bdf836e215b2f0a050579f1d8faa084aecbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Boros=20G=C3=A1bor?=
Date: Sat, 2 Nov 2019 10:02:37 +0100
Subject: [PATCH] Revert "Feature/wildcard certs hostname" (#150)
---
 rethinkdb/gevent_net/net_gevent.py | 6 +-----
 rethinkdb/helpers.py | 12 -----------
 rethinkdb/net.py | 6 +-----
 tests/test_helpers.py | 33 +----------------------------
 4 files changed, 3 insertions(+), 54 deletions(-)
diff --git a/rethinkdb/gevent_net/net_gevent.py b/rethinkdb/gevent_net/net_gevent.py
index 2969922e..a151ba5c 100644
--- a/rethinkdb/gevent_net/net_gevent.py
+++ b/rethinkdb/gevent_net/net_gevent.py
@@ -26,7 +26,6 @@
 from rethinkdb import net, ql2_pb2
 from rethinkdb.errors import ReqlAuthError, ReqlCursorEmpty, ReqlDriverError, ReqlTimeoutError, RqlDriverError, \
 RqlTimeoutError
-from rethinkdb.helpers import get_hostname_for_ssl_match
 from rethinkdb.logger import default_logger
 __all__ = ['Connection']
@@ -104,10 +103,7 @@ def __init__(self, parent):
 self._socket.close()
 raise ReqlDriverError("SSL handshake failed (see server log for more information): %s" % str(exc))
 try:
- ssl.match_hostname(
- self._socket.getpeercert(),
- hostname=get_hostname_for_ssl_match(self.host)
- )
+ ssl.match_hostname(self._socket.getpeercert(), hostname=self.host)
 except ssl.CertificateError:
 self._socket.close()
 raise
diff --git a/rethinkdb/helpers.py b/rethinkdb/helpers.py
index 46152e49..4a161286 100644
--- a/rethinkdb/helpers.py
+++ b/rethinkdb/helpers.py
@@ -1,22 +1,10 @@
 import six
-
 def decode_utf8(string, encoding='utf-8'):
 if hasattr(string, 'decode'):
 return string.decode(encoding)
 return string
-
 def chain_to_bytes(*strings):
 return b''.join([six.b(string) if isinstance(string, six.string_types) else string for string in strings])
-
-
-def get_hostname_for_ssl_match(hostname):
- parts = hostname.split('.')
-
- if len(parts) < 3:
- return hostname
-
- parts[0] = '*'
- return '.'.join(parts)
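Review bot: In `rethinkdb/gevent_net/net_gevent.py` (hunk at -104) the restored `ssl.match_hostname(self._socket.getpeercert(), hostname=self.host)` is guarded only by `except ssl.CertificateError:`, so any other failure of that call leaves the socket open. `ssl.match_hostname` raises `ValueError` when `getpeercert()` returns an empty dict (a context that does not require a certificate), and the function is deprecated since Python 3.7 and removed in 3.12, where the call would raise `AttributeError`. The smallest fix is to widen the handler to `except (ssl.CertificateError, ValueError):`; the sturdier one is to set `check_hostname = True` on the SSLContext and pass `server_hostname=self.host` to `wrap_socket`, so the handshake itself rejects a mismatched certificate. The context setup and the rest of `__init__` lie outside the hunk, so whether certificates are already required there cannot be confirmed from this page.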
diff --git a/rethinkdb/net.py b/rethinkdb/net.py
index 155e038d..5a4c8ddc 100644
--- a/rethinkdb/net.py
+++ b/rethinkdb/net.py
@@ -44,7 +44,6 @@
 ReqlTimeoutError, ReqlUserError)
 from rethinkdb.handshake import HandshakeV1_0
-from rethinkdb.helpers import get_hostname_for_ssl_match
 from rethinkdb.logger import default_logger
 __all__ = ['Connection', 'Cursor', 'DEFAULT_PORT', 'DefaultConnection', 'make_connection']
@@ -353,10 +352,7 @@ def __init__(self, parent, timeout):
 "SSL handshake failed (see server log for more information): %s" % str(err))
 try:
- ssl.match_hostname(
- self._socket.getpeercert(),
- hostname=get_hostname_for_ssl_match(self.host)
- )
+ match_hostname(self._socket.getpeercert(), hostname=self.host)
 except CertificateError:
 self._socket.close()
 raise
diff --git a/tests/test_helpers.py b/tests/test_helpers.py
index 68e5fefb..ca868de6 100644
--- a/tests/test_helpers.py
+++ b/tests/test_helpers.py
@@ -1,6 +1,6 @@
 import pytest
 from mock import Mock
-from rethinkdb.helpers import decode_utf8, chain_to_bytes, get_hostname_for_ssl_match
+from rethinkdb.helpers import decode_utf8, chain_to_bytes
 @pytest.mark.unit
 class TestDecodeUTF8Helper(object):
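Review bot: In `rethinkdb/net.py` (hunk at -353) the restored call uses the bare name `match_hostname`, whereas the removed lines called `ssl.match_hostname`, and no import binding that name is visible in either hunk of this file. If the reverted change had dropped that import, every TLS connection would fail with `NameError` at this line; the `except CertificateError:` branch would not catch it, so `self._socket.close()` would be skipped. Please confirm `match_hostname` is imported next to `CertificateError` at the top of the module. A one-line comment above the call, e.g. `# verify the peer certificate against the exact host requested; no wildcard rewriting`, would record why the helper was removed. `__init__` starts and ends outside the hunk.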
@@ -42,34 +42,3 @@ def test_mixed_chaining(self):
 result = chain_to_bytes('iron', ' ', b'man')
 assert result == expected_string
-
-
-@pytest.mark.unit
-class TestSSLMatchHostHostnameHelper(object):
- def test_subdomain_replaced_to_star(self):
- expected_string = '*.example.com'
-
- result = get_hostname_for_ssl_match('test.example.com')
-
- assert result == expected_string
-
- def test_subdomain_replaced_to_star_special_tld(self):
- expected_string = '*.example.co.uk'
-
- result = get_hostname_for_ssl_match('test.example.co.uk')
-
- assert result == expected_string
-
- def test_no_subdomain_to_replace(self):
- expected_string = 'example.com'
-
- result = get_hostname_for_ssl_match(expected_string)
-
- assert result == expected_string
-
- def test_no_tld(self):
- expected_string = 'localhost'
-
- result = get_hostname_for_ssl_match(expected_string)
-
- assert result == expected_string