File slixmpp-CVE-2022-45197.patch of Package python-slixmpp.17772
Index: slixmpp-slix-1.4.2/slixmpp/xmlstream/xmlstream.py
===================================================================
--- slixmpp-slix-1.4.2.orig/slixmpp/xmlstream/xmlstream.py
+++ slixmpp-slix-1.4.2/slixmpp/xmlstream/xmlstream.py
@@ -85,8 +85,8 @@ class XMLStream(asyncio.BaseProtocol):
self.scheduled_events = {}
self.ssl_context = ssl.create_default_context()
- self.ssl_context.check_hostname = False
- self.ssl_context.verify_mode = ssl.CERT_NONE
+ self.ssl_context.check_hostname = True
+ self.ssl_context.verify_mode = ssl.CERT_REQUIRED
# The event to trigger when the create_connection() succeeds. It can
# be "connected" or "tls_success" depending on the step we are at.
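Review bot: The two assignments that switch verification on (`check_hostname = True`, `verify_mode = ssl.CERT_REQUIRED`) have no comment, and `ssl.create_default_context()` already returns a context with exactly these values, so a later cleanup could drop them as redundant or revert them to make a self-signed server work. I would add a comment directly above them, for example `# Certificate and hostname verification must stay enabled (CVE-2022-45197); to trust a private CA, load it into the context instead of relaxing these.` This is also a behaviour change for deployments that relied on the old unverified default, so the class documentation or release notes should say how to supply a CA bundle. Whether the class already exposes such an option is not visible in this hunk, and the constructor body continues outside it.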
@@ -311,11 +311,12 @@ class XMLStream(asyncio.BaseProtocol):
await asyncio.sleep(self.connect_loop_wait, loop=self.loop)
try:
+ server_hostname = self.default_domain if self.use_ssl else None
await self.loop.create_connection(lambda: self,
self.address[0],
self.address[1],
ssl=ssl_context,
- server_hostname=self.default_domain if self.use_ssl else None)
+ server_hostname=server_hostname)
self.connect_loop_wait = 0
except Socket.gaierror as e:
self.event('connection_failed',
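Review bot: Now that the context verifies certificates, a failed chain or hostname check on the direct-TLS path will raise from `create_connection`, and the only handler visible in this hunk is `except Socket.gaierror`. `ssl.SSLError` is a subclass of `OSError`, so if the remaining handlers (outside the hunk) catch it generically, the failure would presumably be reported as an ordinary connection failure and retried. I would add an explicit `except ssl.SSLError as e:` branch that logs the verification error and emits a distinct event, so an operator can tell a possible interception from a network outage. The new `server_hostname` line also deserves a comment such as `# Match the certificate against the XMPP domain, not the host in self.address we actually connect to.`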
@@ -547,15 +548,15 @@ class XMLStream(asyncio.BaseProtocol):
try:
if hasattr(self.loop, 'start_tls'):
transp = await self.loop.start_tls(self.transport,
- self, ssl_context)
+ self, ssl_context,
+ server_hostname=self.default_domain)
# Python < 3.7
else:
transp, _ = await self.loop.create_connection(
lambda: self,
ssl=self.ssl_context,
sock=self.socket,
- server_hostname=self.default_domain
- )
+ server_hostname=self.default_domain)
except ssl.SSLError as e:
log.debug('SSL: Unable to connect', exc_info=True)
log.error('CERT: Invalid certificate trust chain.')
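Review bot: The `except ssl.SSLError` branch at the end of this hunk still logs `'CERT: Invalid certificate trust chain.'`, which becomes misleading now that `server_hostname=self.default_domain` is passed to `start_tls`: a hostname mismatch or an expired certificate lands in the same handler. Logging the exception itself, e.g. `log.error('CERT: Certificate verification failed: %s', e)`, would let whoever reads the log distinguish the cases. Separately, the `start_tls` call uses the local `ssl_context` while the pre-3.7 fallback passes `self.ssl_context`. If those can ever be different objects the fallback would run with different verification settings, so one name should be used in both branches; the assignment of `ssl_context` and the rest of the handler are outside the hunk.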