From Dan Kenigsberg <danken(a)redhat.com&gt;: Dan Kenigsberg has uploaded a new change for review. Change subject: sslutils: _compare_names: fix arg names and add tests ...................................................................... sslutils: _compare_names: fix arg names and add tests _compare_names needs to return True if the TCP stream originates from a source address that matches the certificate presented by the client. This match makes the method args clearer. Since the method does not need to use `self` it is declared a @staticmethod. Tests are added to document its expected behavior and make sure it is maintained in a following patch. Change-Id: I7faeaaee728da4f97aaa05fddf3ab2e418cb2c40 Signed-off-by: Dan Kenigsberg <danken(a)redhat.com&gt; --- M lib/vdsm/sslutils.py M tests/ssl_test.py 2 files changed, 25 insertions(+), 3 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/51/70951/1 diff --git a/lib/vdsm/sslutils.py b/lib/vdsm/sslutils.py index c3f9560..1017ec6 100644 --- a/lib/vdsm/sslutils.py +++ b/lib/vdsm/sslutils.py @@ -235,11 +235,13 @@ return False - def _compare_names(self, addr, name): - if addr == name or addr == '127.0.0.1': + @staticmethod + def _compare_names(tcp_source, common_name): + if tcp_source == common_name or tcp_source == '127.0.0.1': return True else: - return name.lower() == socket.gethostbyaddr(addr)[0].lower() + return (common_name.lower() == + socket.gethostbyaddr(tcp_source)[0].lower()) def _handshake(self, dispatcher): try: diff --git a/tests/ssl_test.py b/tests/ssl_test.py index b9bac99..80250ae 100644 --- a/tests/ssl_test.py +++ b/tests/ssl_test.py @@ -20,6 +20,7 @@ from __future__ import print_function import errno +import mock import os import re from six.moves import xmlrpc_client as xmlrpclib @@ -44,6 +45,7 @@ get_server_socket, KEY_FILE, \ CRT_FILE, OTHER_KEY_FILE, OTHER_CRT_FILE _m2cEnabled = False +from vdsm.sslutils import SSLHandshakeDispatcher HOST = '127.0.0.1' @@ -374,6 +376,24 @@ self.assertEqual(secondSessionId, firstSessionId) +class CompareNameTest(TestCaseBase): + @mock.patch('socket.gethostbyaddr') + def test_same_string(self, mock_gethostbyaddr): + mock_gethostbyaddr.return_value = ('commonname', [], ['10.0.0.1']) + self.assertTrue(SSLHandshakeDispatcher._compare_names( + '10.0.0.1', 'commonname')) + + @mock.patch('socket.gethostbyaddr') + def test_imposter(self, mock_gethostbyaddr): + mock_gethostbyaddr.return_value = ('truename', [], ['10.0.0.1']) + self.assertFalse(SSLHandshakeDispatcher._compare_names( + '10.0.0.1', 'commonname')) + + def test_local_addresses(self): + self.assertTrue(SSLHandshakeDispatcher._compare_names( + '127.0.0.1', 'commonname')) + + # The address of the tests server: ADDRESS = ("127.0.0.1", 8443) -- To view, visit https://gerrit.ovirt.org/70951 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7faeaaee728da4f97aaa05fddf3ab2e418cb2c40 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Dan Kenigsberg <danken(a)redhat.com&gt;