diff options
| author | Jason R. Coombs <jaraco@jaraco.com> | 2013-11-03 08:12:40 -0800 |
|---|---|---|
| committer | Jason R. Coombs <jaraco@jaraco.com> | 2013-11-03 08:12:40 -0800 |
| commit | 6360097ac51941b83b52b006eedce60ddcf312f9 (patch) | |
| tree | 9388eefff0d01f3c62da03da0d4094283095e9fb /setuptools/svn_utils.py | |
| parent | 2644c5e54c7d5dae012a09f7d73d473d31aa2857 (diff) | |
| parent | ad6bce6ab02836ea6d90e69e5c6f3b851532874a (diff) | |
| download | python-setuptools-git-6360097ac51941b83b52b006eedce60ddcf312f9.tar.gz | |
Merge pull request #2 from abadger/feature/ssl-match-hostname-17997
There's apparently another security issue in the python3 match_hostname code. No CVE has been issued for it yet:
http://bugs.python.org/issue17997#msg194950
This merge includes two commits. The first updates the included match_hostname code to reflect what's in the python-3.3.3 and python-3.4 stdlib (with a minor change to preserve python2 compat). The second commit adds a check for the backports.ssl_match_hostname module from pypi: https://pypi.python.org/pypi/backports.ssl_match_hostname
If the stdlib doesn't have ssl_match_hostname but backports.ssl_match_hostname exists it uses that code. If neither one are present, then it uses the code included in setuptools.
Using backports.ssl_match_hostname helps system packagers and system admins to have a single place to maintain SSL support rather than every package that's copying the match_hostname code. On the other hand, it means that users won't get any fixes before they go into the backports.ssl_match_hostname module. Brandon Rhodes is the owner of that module and Toshio has done the last several releases to make sure that module is current with the match_hostname security issues.
Diffstat (limited to 'setuptools/svn_utils.py')
0 files changed, 0 insertions, 0 deletions