poezio
slixmpp
Verified
Commit
b60b1b98
authored
Nov 11, 2022
by
Maxime Buquet
CVE-2022-45197: Fix missing certificate hostname validation
Signed-off-by:
Maxime “pep” Buquet
<
pep@bouah.net
>
parent
e93e43df
Changes
1
slixmpp/xmlstream/xmlstream.py
...
...
@@ -299,8 +299,8 @@ class XMLStream(asyncio.BaseProtocol):
self
.
scheduled_events
=
{}
self
.
ssl_context
=
ssl
.
create_default_context
()
self
.
ssl_context
.
check_hostname
=
Fals
e
self
.
ssl_context
.
verify_mode
=
ssl
.
CERT_
NONE
self
.
ssl_context
.
check_hostname
=
Tru
e
self
.
ssl_context
.
verify_mode
=
ssl
.
CERT_
REQUIRED
self
.
event_when_connected
=
"connected"
...
...
@@ -484,11 +484,12 @@ class XMLStream(asyncio.BaseProtocol):
if
self
.
_current_connection_attempt
is
None
:
return
try
:
server_hostname
=
self
.
default_domain
if
self
.
use_ssl
else
None
await
self
.
loop
.
create_connection
(
lambda
:
self
,
self
.
address
[
0
],
self
.
address
[
1
],
ssl
=
ssl_context
,
server_hostname
=
se
lf
.
default_domain
if
self
.
use_ssl
else
Non
e
)
server_hostname
=
se
rver_hostnam
e
)
self
.
_connect_loop_wait
=
0
except
Socket
.
gaierror
as
e
:
self
.
event
(
'connection_failed'
,
...
...
@@ -827,15 +828,15 @@ class XMLStream(asyncio.BaseProtocol):
try
:
if
hasattr
(
self
.
loop
,
'start_tls'
):
transp
=
await
self
.
loop
.
start_tls
(
self
.
transport
,
self
,
ssl_context
)
self
,
ssl_context
,
server_hostname
=
self
.
default_domain
)
# Python < 3.7
else
:
transp
,
_
=
await
self
.
loop
.
create_connection
(
lambda
:
self
,
ssl
=
self
.
ssl_context
,
sock
=
self
.
socket
,
server_hostname
=
self
.
default_domain
)
server_hostname
=
self
.
default_domain
)
except
ssl
.
SSLError
as
e
:
log
.
debug
(
'SSL: Unable to connect'
,
exc_info
=
True
)
log
.
error
(
'CERT: Invalid certificate trust chain.'
)
...
...
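Review bot: The `except ssl.SSLError as e:` handler at the end of the last hunk still logs `'CERT: Invalid certificate trust chain.'` for every failure, but with `check_hostname = True` a certificate that does not match `self.default_domain` now reaches the same handler and is reported as a trust-chain problem. Operators triaging failed connections need to tell the two cases apart, so the message should carry the verification reason, for example `log.error('CERT: Certificate verification failed: %s', e)`. On the `# Python < 3.7` branch, `ssl.CertificateError` was a `ValueError` subclass rather than an `ssl.SSLError`, so a hostname mismatch there may bypass this handler entirely; that is worth confirming, or catching explicitly. The handler body continues outside the hunk, so any later handling of `e` is not visible here.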