Make pyOpenSSL skip DNS names which can't be idna-encoded #1406
+19
−8
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
encoded. See #1405 and #requests/requests/4569
urllib3/contrib/pyopenssl.py
Outdated
| ] | ||
| # We also want to skip over names which cannot be idna encoded. | ||
| names = [] | ||
| for name in ext.get_values_for_type(x509.DNSName): |
There was a problem hiding this comment.
We could instead do
names = [
('DNS', name) for name in map(_dnsname_to_stdlib, ext.get_values_for_type(x509.DNSName))
if name is not None
]There was a problem hiding this comment.
I'll change to that! I never think to use map. :)
Codecov Report
@@ Coverage Diff @@
## master #1406 +/- ##
======================================
Coverage 100% 100%
======================================
Files 21 21
Lines 1788 1788
======================================
Hits 1788 1788Continue to review full report at Codecov.
|
|
Made the changes you suggested @sigmavirus24. |
|
Checked the patch and it's working for the site specified in the original issue: Before patch: >>> import requests
>>> requests.get("https://earthlingsoft.net/UnicodeChecker/appcast.xml")
Traceback (most recent call last):
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\idna\core.py", line 271, in alabel
ulabel(label)
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\idna\core.py", line 311, in ulabel
check_label(label)
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\idna\core.py", line 261, in check_label
raise InvalidCodepoint('Codepoint {0} at position {1} of {2} not allowed'.format(_unot(cp_value), pos+1, repr(label)))
idna.core.InvalidCodepoint: Codepoint U+2603 at position 1 of '☃' not allowed
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\requests\api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\requests\api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\requests\sessions.py", line 512, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\requests\sessions.py", line 622, in send
r = adapter.send(request, **kwargs)
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\requests\adapters.py", line 445, in send
timeout=timeout
File "C:\Users\sethm\Desktop\urllib3\urllib3\connectionpool.py", line 600, in urlopen
chunked=chunked)
File "C:\Users\sethm\Desktop\urllib3\urllib3\connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "C:\Users\sethm\Desktop\urllib3\urllib3\connectionpool.py", line 849, in _validate_conn
conn.connect()
File "C:\Users\sethm\Desktop\urllib3\urllib3\connection.py", line 367, in connect
cert = self.sock.getpeercert()
File "C:\Users\sethm\Desktop\urllib3\urllib3\contrib\pyopenssl.py", line 351, in getpeercert
'subjectAltName': get_subj_alt_name(x509)
File "C:\Users\sethm\Desktop\urllib3\urllib3\contrib\pyopenssl.py", line 228, in get_subj_alt_name
for name in ext.get_values_for_type(x509.DNSName)
File "C:\Users\sethm\Desktop\urllib3\urllib3\contrib\pyopenssl.py", line 228, in <listcomp>
for name in ext.get_values_for_type(x509.DNSName)
File "C:\Users\sethm\Desktop\urllib3\urllib3\contrib\pyopenssl.py", line 181, in _dnsname_to_stdlib
name = idna_encode(name)
File "C:\Users\sethm\Desktop\urllib3\urllib3\contrib\pyopenssl.py", line 179, in idna_encode
return idna.encode(name)
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\idna\core.py", line 361, in encode
s = alabel(label)
File "C:\Users\sethm\Desktop\urllib3\venv\lib\site-packages\idna\core.py", line 273, in alabel
raise IDNAError('The label {0} is not a valid A-label'.format(label))
idna.core.IDNAError: The label b'xn--n3h' is not a valid A-labelAfter patch: >>> import requests
>>> requests.get('https://earthlingsoft.net/UnicodeChecker/appcast.xml')
<Response [200]> |
|
Now if only there was a merge-when-CI-passes button. 🤔 |
|
@SethMichaelLarson GitLab has that feature. |
|
Thanks @sigmavirus24 for the review. :) |
This was referenced Jun 30, 2018
@sethmlarson @sigmavirus24 Refined Github has that feature :) |
Dobatymo
pushed a commit
to Dobatymo/urllib3
that referenced
this pull request
Mar 16, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See #1405 and psf/requests#4569.