Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check_hostname error, for Http.requestUrl() #8401

Open
supergeoff opened this issue Jun 10, 2019 · 2 comments
Open

Check_hostname error, for Http.requestUrl() #8401

supergeoff opened this issue Jun 10, 2019 · 2 comments
Labels
platform-python Everything related to Python
Milestone
Later

Comments

@supergeoff
Copy link

Http.requestUrl() result in error:
ValueError: check_hostname requires server_hostname
If targeting Python with python_version>=3.4 flag.
Ssl.context created in python.net.SslSocket uses SERVER_AUTH by default, it sets
context.verify_mode to CERT_REQUIRED and context.check_hostname to True.

Several infos i found in python.net.SslSocket

package python.net;

import python.lib.Ssl;
import python.lib.socket.Socket as PSocket;
import python.lib.ssl.Purpose;

class SslSocket extends sys.net.Socket {
	var hostName:String;

	override function __initSocket():Void {
		#if (python_version >= 3.4)
		var context = Ssl.create_default_context(Purpose.SERVER_AUTH);
		#else
		// hopefully these options are good enough
		var context = new python.lib.ssl.SSLContext(Ssl.PROTOCOL_SSLv23);
		context.verify_mode = Ssl.CERT_REQUIRED;
		context.set_default_verify_paths();
		context.options |= Ssl.OP_NO_SSLv2;
		context.options |= Ssl.OP_NO_SSLv3;
		context.options |= Ssl.OP_NO_COMPRESSION;
		#end
		context.options |= Ssl.OP_NO_TLSv1 #if (python_version >= 3.4) | Ssl.OP_NO_TLSv1_1 #end; // python 3.4 | Ssl.OP_NO_TLSv1_1;
		__s = new PSocket();
		__s = context.wrap_socket(__s, false, true, true, this.hostName);
	}
}

I'm guessing it has to do with REST API that requires CLIENT side certificate authentication.

My thoughts (Keep in mind I'm a beginner and I do not understand much of TLS encryption stuff...)

Add a flag in the Http.requestUrl() to specify the side of authentication.
Set the value of hostname that seems to be lost somewhere?

Also:

Disable check_hostname solve the issue...
Set Purpose.CLIENT_AUTH for create_default_context solve the issue...

Is it an issue related to Haxe? Is it an issue related to Python, is it an issue with how I use the Http.requestUrl stuff?

Best regards;
@RealyUniqueName RealyUniqueName added this to the Bugs milestone Jun 18, 2019
@RealyUniqueName RealyUniqueName added the platform-python Everything related to Python label Jun 18, 2019
@RealyUniqueName
Copy link
Member

To me it looks like an issue of the python target.

@Simn Simn modified the milestones: Bugs, Later Mar 24, 2023
theJenix added a commit to theJenix/haxe that referenced this issue Mar 28, 2023
@theJenix
[python] Fixed python.net.SslSocket when python-version >= 3.4 (HaxeF…
1e41e5c 
…oundation#8401)

The issue where SslSocket throws an exception is due to hostName being
null in wrap_socket.  This fix delays wrap_socket until after connect is
called, so we can pass a host in.
@theJenix
Copy link
Contributor

I just ran into this in Haxe 4.2.5 and traced it down to an issue with the order in which the various sockets/ssl methods are called. I just issued a pull request for a fix; happy to adjust it as needed to make that fix acceptable.

Simn pushed a commit that referenced this issue Mar 30, 2023
@theJenix
[python] Fixed python.net.SslSocket when python-version >= 3.4 (#8401) (
a521f7a 
#11050)

* [python] Fixed python.net.SslSocket when python-version >= 3.4 (#8401)

The issue where SslSocket throws an exception is due to hostName being
null in wrap_socket.  This fix delays wrap_socket until after connect is
called, so we can pass a host in.

* added compilation flag to only run this for python

* removed sys.net.Host import; it was unused, and it caused issues on
non-sys targets

* fixed test to work across platforms (see comment in code)

fixed copy/paste error in code comments

* added gettimeout, getblocking, and getsockopt to
python.lib.socket.Socket
(also added overload of setsockopt to take an Int value)

updated Issue8401 to remove casts

* replaced eq with feq in test for settimeout values
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
platform-python Everything related to Python
Projects
None yet
Milestone
Later
Development

No branches or pull requests
4 participants
@Simn @theJenix @RealyUniqueName @supergeoff