From Dan Kenigsberg <danken(a)redhat.com>:
Dan Kenigsberg has uploaded a new change for review.
Change subject: sslutils: _compare_names: fix arg names and add tests
......................................................................
sslutils: _compare_names: fix arg names and add tests
_compare_names needs to return True if the TCP stream originates from a
source address that matches the certificate presented by the client.
This patch makes the method args clearer. Since the method does not need
to use `self` it is declared a @staticmethod. Tests are added to
document its expected behavior and make sure it is maintained in a
following patch.
Change-Id: I7faeaaee728da4f97aaa05fddf3ab2e418cb2c40
Signed-off-by: Dan Kenigsberg <danken(a)redhat.com>
---
M lib/vdsm/sslutils.py
M tests/ssl_test.py
2 files changed, 25 insertions(+), 3 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/51/70951/1
diff --git a/lib/vdsm/sslutils.py b/lib/vdsm/sslutils.py
index c3f9560..1017ec6 100644
--- a/lib/vdsm/sslutils.py
+++ b/lib/vdsm/sslutils.py
@@ -235,11 +235,13 @@
return False
- def _compare_names(self, addr, name):
- if addr == name or addr == '127.0.0.1':
+ @staticmethod
+ def _compare_names(tcp_source, common_name):
+ if tcp_source == common_name or tcp_source == '127.0.0.1':
return True
else:
- return name.lower() == socket.gethostbyaddr(addr)[0].lower()
+ return (common_name.lower() ==
+ socket.gethostbyaddr(tcp_source)[0].lower())
def _handshake(self, dispatcher):
try:
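Review bot: In the `else` branch of `_compare_names`, `socket.gethostbyaddr(tcp_source)` raises `socket.herror` when the source address has no PTR record, and nothing in the method catches it, so a peer-identity check that should answer False raises instead. Whether `_handshake` or another caller handles that exception is outside this hunk, so confirm it there; failing closed inside the method would make the contract explicit. A short docstring should also state that the match trusts the resolver's reverse lookup (it is not forward-confirmed) and that `127.0.0.1` is accepted for any common name, since both are security-relevant decisions a later patch could change by accident.

```python
def _compare_names(tcp_source, common_name):
    # ... unchanged: exact-match and 127.0.0.1 shortcut ...
    else:
        try:
            resolved = socket.gethostbyaddr(tcp_source)[0]
        except socket.error:
            # no PTR record or resolver failure: treat as a mismatch
            return False
        return common_name.lower() == resolved.lower()
```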
diff --git a/tests/ssl_test.py b/tests/ssl_test.py
index b9bac99..80250ae 100644
--- a/tests/ssl_test.py
+++ b/tests/ssl_test.py
@@ -20,6 +20,7 @@
from __future__ import print_function
import errno
+import mock
import os
import re
from six.moves import xmlrpc_client as xmlrpclib
@@ -44,6 +45,7 @@
get_server_socket, KEY_FILE, \
CRT_FILE, OTHER_KEY_FILE, OTHER_CRT_FILE
_m2cEnabled = False
+from vdsm.sslutils import SSLHandshakeDispatcher
HOST = '127.0.0.1'
@@ -374,6 +376,24 @@
self.assertEqual(secondSessionId, firstSessionId)
+class CompareNameTest(TestCaseBase):
+ @mock.patch('socket.gethostbyaddr')
+ def test_same_string(self, mock_gethostbyaddr):
+ mock_gethostbyaddr.return_value = ('commonname', [],
['10.0.0.1'])
+ self.assertTrue(SSLHandshakeDispatcher._compare_names(
+ '10.0.0.1', 'commonname'))
+
+ @mock.patch('socket.gethostbyaddr')
+ def test_imposter(self, mock_gethostbyaddr):
+ mock_gethostbyaddr.return_value = ('truename', [], ['10.0.0.1'])
+ self.assertFalse(SSLHandshakeDispatcher._compare_names(
+ '10.0.0.1', 'commonname'))
+
+ def test_local_addresses(self):
+ self.assertTrue(SSLHandshakeDispatcher._compare_names(
+ '127.0.0.1', 'commonname'))
+
+
# The address of the tests server:
ADDRESS = ("127.0.0.1", 8443)
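Review bot: `test_same_string` never exercises the `tcp_source == common_name` shortcut: it passes `'10.0.0.1'` and `'commonname'`, so it goes through the mocked reverse lookup and is really a "resolved name matches" test. Rename it accordingly and add a true identical-string case, e.g. `self.assertTrue(SSLHandshakeDispatcher._compare_names('10.0.0.1', '10.0.0.1'))`. Two behaviours of this identity check remain unpinned: the case-insensitive comparison (mock returning `'CommonName'`) and a resolver failure (`mock_gethostbyaddr.side_effect = socket.herror`). The second matters most, because it fixes whether a source address with no reverse record is rejected or makes the method raise.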
--
To view, visit
https://gerrit.ovirt.org/70951
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7faeaaee728da4f97aaa05fddf3ab2e418cb2c40
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Dan Kenigsberg <danken(a)redhat.com>