From 7d803fd552feeeac071848aef58b2314276ab21f Mon Sep 17 00:00:00 2001
From: Narayan Desai <desai@mcs.anl.gov>
Date: Wed, 9 Dec 2009 17:22:58 +0000
Subject: Proxy: better error handling (Resolves Ticket #810)  - Handle
 M2Crypto wrongHost errors cleanly  - auto-resolve IP addresses given in
 server URLs

git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5616 ce84e21b-d406-0410-9b95-82705330c041
---
 src/lib/Proxy.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'src/lib/Proxy.py')

diff --git a/src/lib/Proxy.py b/src/lib/Proxy.py
index ac083dfa6..e24a70aec 100644
--- a/src/lib/Proxy.py
+++ b/src/lib/Proxy.py
@@ -14,6 +14,7 @@ from xmlrpclib import _Method
 
 import httplib
 import logging
+import re
 import socket
 
 # The ssl module is provided by either Python 2.6 or a separate ssl
@@ -25,6 +26,7 @@ try:
     SSL_LIB = 'py26_ssl'
 except ImportError, e:
     from M2Crypto import SSL
+    import M2Crypto.SSL.Checker
     SSL_LIB = 'm2crypto'
 
 
@@ -220,7 +222,20 @@ class SSLHTTPConnection(httplib.HTTPConnection):
             self.logger.warning("SSL key specfied, but no cert. Cannot authenticate this client with SSL.")
 
         self.sock = SSL.Connection(ctx)
-        self.sock.connect((self.host, self.port)) # automatically checks cert matches host
+        if re.match('\\d+\\.\\d+\\.\\d+\\.\\d+', self.host):
+            # host is ip address
+            try:
+                hostname = socket.gethostbyaddr(self.host)[0]
+            except:
+                # fall back to ip address
+                hostname = self.host
+        else:
+            hostname = self.host
+        try:
+            self.sock.connect((hostname, self.port))
+            # automatically checks cert matches host
+        except M2Crypto.SSL.Checker.WrongHost, wr:
+            raise CertificateError, wr
 
 
 class XMLRPCTransport(xmlrpclib.Transport):
-- 
cgit v1.2.3-1-g7c22