diff mbox

python-backports-ssl-match-hostname: new package

Message ID 1461144174-7711-1-git-send-email-yegorslists@googlemail.com
State Superseded
Headers show

Commit Message

Yegor Yefremov April 20, 2016, 9:22 a.m. UTC 
From: Yegor Yefremov <yegorslists@googlemail.com>

Fixes #8856

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
---
 package/Config.in                                          |  1 +
 package/python-backports-ssl-match-hostname/Config.in      |  6 ++++++
 .../python-backports-ssl-match-hostname.hash               |  4 ++++
 .../python-backports-ssl-match-hostname.mk                 | 14 ++++++++++++++
 4 files changed, 25 insertions(+)
 create mode 100644 package/python-backports-ssl-match-hostname/Config.in
 create mode 100644 package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.hash
 create mode 100644 package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.mk

Comments

Thomas Petazzoni April 20, 2016, 9:28 a.m. UTC | #1 
Hello,

On Wed, 20 Apr 2016 11:22:54 +0200, yegorslists@googlemail.com wrote:
> From: Yegor Yefremov <yegorslists@googlemail.com>
> 
> Fixes #8856

Are you sure this is sufficient to fix the bug? Doesn't python-tornado
also needs to select this new package when Python 2 is used?

Thanks!

Thomas
Yegor Yefremov April 20, 2016, 9:58 a.m. UTC | #2 
On Wed, Apr 20, 2016 at 11:28 AM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> On Wed, 20 Apr 2016 11:22:54 +0200, yegorslists@googlemail.com wrote:
>> From: Yegor Yefremov <yegorslists@googlemail.com>
>>
>> Fixes #8856
>
> Are you sure this is sufficient to fix the bug? Doesn't python-tornado
> also needs to select this new package when Python 2 is used?

Both Python 2 and 3 implement ssl.match_hostname(cert, hostname) [1]

backports.ssl_match_hostname 3.5.0.1 introduces some enhancements made
in 3.5. See its history:

History
-------

* This function was introduced in python-3.2
* It was updated for python-3.4a1 for a CVE
(backports-ssl_match_hostname-3.4.0.1)
* It was updated from RFC2818 to RFC 6125 compliance in order to fix another
security flaw for python-3.3.3 and python-3.4a5
(backports-ssl_match_hostname-3.4.0.2)
* It was updated in python-3.5 to handle IPAddresses in ServerAltName fields
(something that backports.ssl_match_hostname will do if you also install the
ipaddress library from pypi).

Tornado has following logic to decide, when to import
backports.ssl_match_hostname

if hasattr(ssl, 'match_hostname') and hasattr(ssl,
'CertificateError'):  # python 3.2+
    ssl_match_hostname = ssl.match_hostname
    SSLCertificateError = ssl.CertificateError
elif ssl is None:
    ssl_match_hostname = SSLCertificateError = None
else:
    import backports.ssl_match_hostname
    ssl_match_hostname = backports.ssl_match_hostname.match_hostname
    SSLCertificateError = backports.ssl_match_hostname.CertificateError

So if the user wants to use ssl.match_hostname, he must select
Python's SSL support.

Turns out, that this package can be used only, if the user imports it directly.

[1] https://docs.python.org/2.7/library/ssl.html
Yegor Yefremov April 20, 2016, 8:27 p.m. UTC | #3 
Hi Charles,

On Wed, Apr 20, 2016 at 6:44 PM, Charles Hardin <ckhardin@exablox.com> wrote:
> Yes - I think I just selected it out of laziness because we don’t run
> different
> python versions and only use python 2.7

Could you perform following test?

1. disable backports.ssl_match_hostname
2. enable SSL support in Python, python-tornado and python-cerifi
3. make clean && make

Is your application functioning without backports.ssl_match_hostname?

Thanks.

Yegor

> On Apr 20, 2016, at 2:58 AM, Yegor Yefremov <yegorslists@googlemail.com>
> wrote:
>
> On Wed, Apr 20, 2016 at 11:28 AM, Thomas Petazzoni
> <thomas.petazzoni@free-electrons.com> wrote:
>
> Hello,
>
> On Wed, 20 Apr 2016 11:22:54 +0200, yegorslists@googlemail.com wrote:
>
> From: Yegor Yefremov <yegorslists@googlemail.com>
>
> Fixes #8856
>
>
> Are you sure this is sufficient to fix the bug? Doesn't python-tornado
> also needs to select this new package when Python 2 is used?
>
>
> Both Python 2 and 3 implement ssl.match_hostname(cert, hostname) [1]
>
> backports.ssl_match_hostname 3.5.0.1 introduces some enhancements made
> in 3.5. See its history:
>
> History
> -------
>
> * This function was introduced in python-3.2
> * It was updated for python-3.4a1 for a CVE
> (backports-ssl_match_hostname-3.4.0.1)
> * It was updated from RFC2818 to RFC 6125 compliance in order to fix another
> security flaw for python-3.3.3 and python-3.4a5
> (backports-ssl_match_hostname-3.4.0.2)
> * It was updated in python-3.5 to handle IPAddresses in ServerAltName fields
> (something that backports.ssl_match_hostname will do if you also install the
> ipaddress library from pypi).
>
> Tornado has following logic to decide, when to import
> backports.ssl_match_hostname
>
> if hasattr(ssl, 'match_hostname') and hasattr(ssl,
> 'CertificateError'):  # python 3.2+
>    ssl_match_hostname = ssl.match_hostname
>    SSLCertificateError = ssl.CertificateError
> elif ssl is None:
>    ssl_match_hostname = SSLCertificateError = None
> else:
>    import backports.ssl_match_hostname
>    ssl_match_hostname = backports.ssl_match_hostname.match_hostname
>    SSLCertificateError = backports.ssl_match_hostname.CertificateError
>
> So if the user wants to use ssl.match_hostname, he must select
> Python's SSL support.
>
> Turns out, that this package can be used only, if the user imports it
> directly.
>
> [1] https://docs.python.org/2.7/library/ssl.html
>
>
> --
> Bits go in, bytes go out.
>
Yegor Yefremov April 21, 2016, 9:19 a.m. UTC | #4 
Hi Charles,

On Wed, Apr 20, 2016 at 11:38 PM, Charles Hardin <ckhardin@exablox.com> wrote:
> Btw - it is circus that uses tornado

Could you send a patch adding circus to Buildroot? See [1] for
submitting patches instructions.

circus runs a deamon, but also provides an API, so I would add this as
an ordinary Python package.

[1] http://nightly.buildroot.org/manual.html#submitting-patches

Yegor

> Sent from my iPad
>
>> On Apr 20, 2016, at 1:27 PM, Yegor Yefremov <yegorslists@googlemail.com> wrote:
>>
>> Hi Charles,
>>
>>> On Wed, Apr 20, 2016 at 6:44 PM, Charles Hardin <ckhardin@exablox.com> wrote:
>>> Yes - I think I just selected it out of laziness because we don’t run
>>> different
>>> python versions and only use python 2.7
>>
>> Could you perform following test?
>>
>> 1. disable backports.ssl_match_hostname
>> 2. enable SSL support in Python, python-tornado and python-cerifi
>> 3. make clean && make
>>
>> Is your application functioning without backports.ssl_match_hostname?
>>
>> Thanks.
>>
>> Yegor
>>
>>> On Apr 20, 2016, at 2:58 AM, Yegor Yefremov <yegorslists@googlemail.com>
>>> wrote:
>>>
>>> On Wed, Apr 20, 2016 at 11:28 AM, Thomas Petazzoni
>>> <thomas.petazzoni@free-electrons.com> wrote:
>>>
>>> Hello,
>>>
>>> On Wed, 20 Apr 2016 11:22:54 +0200, yegorslists@googlemail.com wrote:
>>>
>>> From: Yegor Yefremov <yegorslists@googlemail.com>
>>>
>>> Fixes #8856
>>>
>>>
>>> Are you sure this is sufficient to fix the bug? Doesn't python-tornado
>>> also needs to select this new package when Python 2 is used?
>>>
>>>
>>> Both Python 2 and 3 implement ssl.match_hostname(cert, hostname) [1]
>>>
>>> backports.ssl_match_hostname 3.5.0.1 introduces some enhancements made
>>> in 3.5. See its history:
>>>
>>> History
>>> -------
>>>
>>> * This function was introduced in python-3.2
>>> * It was updated for python-3.4a1 for a CVE
>>> (backports-ssl_match_hostname-3.4.0.1)
>>> * It was updated from RFC2818 to RFC 6125 compliance in order to fix another
>>> security flaw for python-3.3.3 and python-3.4a5
>>> (backports-ssl_match_hostname-3.4.0.2)
>>> * It was updated in python-3.5 to handle IPAddresses in ServerAltName fields
>>> (something that backports.ssl_match_hostname will do if you also install the
>>> ipaddress library from pypi).
>>>
>>> Tornado has following logic to decide, when to import
>>> backports.ssl_match_hostname
>>>
>>> if hasattr(ssl, 'match_hostname') and hasattr(ssl,
>>> 'CertificateError'):  # python 3.2+
>>>   ssl_match_hostname = ssl.match_hostname
>>>   SSLCertificateError = ssl.CertificateError
>>> elif ssl is None:
>>>   ssl_match_hostname = SSLCertificateError = None
>>> else:
>>>   import backports.ssl_match_hostname
>>>   ssl_match_hostname = backports.ssl_match_hostname.match_hostname
>>>   SSLCertificateError = backports.ssl_match_hostname.CertificateError
>>>
>>> So if the user wants to use ssl.match_hostname, he must select
>>> Python's SSL support.
>>>
>>> Turns out, that this package can be used only, if the user imports it
>>> directly.
>>>
>>> [1] https://docs.python.org/2.7/library/ssl.html
>>>
>>>
>>> --
>>> Bits go in, bytes go out.
>>>
Arnout Vandecappelle April 21, 2016, 7:36 p.m. UTC | #5 
On 04/20/16 11:22, yegorslists@googlemail.com wrote:
> From: Yegor Yefremov<yegorslists@googlemail.com>
>
> Fixes #8856
>
> Signed-off-by: Yegor Yefremov<yegorslists@googlemail.com>
> ---
>   package/Config.in                                          |  1 +
>   package/python-backports-ssl-match-hostname/Config.in      |  6 ++++++
>   .../python-backports-ssl-match-hostname.hash               |  4 ++++
>   .../python-backports-ssl-match-hostname.mk                 | 14 ++++++++++++++
>   4 files changed, 25 insertions(+)
>   create mode 100644 package/python-backports-ssl-match-hostname/Config.in
>   create mode 100644 package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.hash
>   create mode 100644 package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index ecaf164..3b5e66e 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -630,6 +630,7 @@ menu "External python modules"
>   	source "package/python-alsaaudio/Config.in"
>   	source "package/python-autobahn/Config.in"
>   	source "package/python-backports-abc/Config.in"
> +	source "package/python-backports-ssl-match-hostname/Config.in"
>   	source "package/python-beautifulsoup4/Config.in"
>   	source "package/python-bottle/Config.in"
>   	source "package/python-can/Config.in"
> diff --git a/package/python-backports-ssl-match-hostname/Config.in b/package/python-backports-ssl-match-hostname/Config.in
> new file mode 100644
> index 0000000..36399bb
> --- /dev/null
> +++ b/package/python-backports-ssl-match-hostname/Config.in
> @@ -0,0 +1,6 @@
> +config BR2_PACKAGE_PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME
> +	bool "python-backports-ssl-match-hostname"

  Smell likes this should
	depends on BR2_PACKAGE_PYTHON
no? Doesn't make much sense to backport this function to Python 3.6 :-)

  Regards,
  Arnout

> +	help
> +	  The ssl.match_hostname() function from Python 3.5.
> +
> +	http://bitbucket.org/brandon/backports.ssl_match_hostname
[snip]
Yegor Yefremov April 21, 2016, 9:18 p.m. UTC | #6 
On Thu, Apr 21, 2016 at 9:36 PM, Arnout Vandecappelle <arnout@mind.be> wrote:
> On 04/20/16 11:22, yegorslists@googlemail.com wrote:
>>
>> From: Yegor Yefremov<yegorslists@googlemail.com>
>>
>> Fixes #8856
>>
>> Signed-off-by: Yegor Yefremov<yegorslists@googlemail.com>
>> ---
>>   package/Config.in                                          |  1 +
>>   package/python-backports-ssl-match-hostname/Config.in      |  6 ++++++
>>   .../python-backports-ssl-match-hostname.hash               |  4 ++++
>>   .../python-backports-ssl-match-hostname.mk                 | 14
>> ++++++++++++++
>>   4 files changed, 25 insertions(+)
>>   create mode 100644 package/python-backports-ssl-match-hostname/Config.in
>>   create mode 100644
>> package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.hash
>>   create mode 100644
>> package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.mk
>>
>> diff --git a/package/Config.in b/package/Config.in
>> index ecaf164..3b5e66e 100644
>> --- a/package/Config.in
>> +++ b/package/Config.in
>> @@ -630,6 +630,7 @@ menu "External python modules"
>>         source "package/python-alsaaudio/Config.in"
>>         source "package/python-autobahn/Config.in"
>>         source "package/python-backports-abc/Config.in"
>> +       source "package/python-backports-ssl-match-hostname/Config.in"
>>         source "package/python-beautifulsoup4/Config.in"
>>         source "package/python-bottle/Config.in"
>>         source "package/python-can/Config.in"
>> diff --git a/package/python-backports-ssl-match-hostname/Config.in
>> b/package/python-backports-ssl-match-hostname/Config.in
>> new file mode 100644
>> index 0000000..36399bb
>> --- /dev/null
>> +++ b/package/python-backports-ssl-match-hostname/Config.in
>> @@ -0,0 +1,6 @@
>> +config BR2_PACKAGE_PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME
>> +       bool "python-backports-ssl-match-hostname"
>
>
>  Smell likes this should
>         depends on BR2_PACKAGE_PYTHON
> no? Doesn't make much sense to backport this function to Python 3.6 :-)

No. We still have Python 3.4.x

The most interesting goody about about 3.5 ssl-match-hostname is
support for IP addresses or something like this, that uses "import
ipaddress", so it would make sense to select this package for Python
2.7.

Yegor

>> +       help
>> +         The ssl.match_hostname() function from Python 3.5.
>> +
>> +       http://bitbucket.org/brandon/backports.ssl_match_hostname
>
> [snip]
>
> --
> Arnout Vandecappelle                          arnout at mind be
> Senior Embedded Software Architect            +32-16-286500
> Essensium/Mind                                http://www.mind.be
> G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
> LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
> GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
Arnout Vandecappelle April 21, 2016, 11:06 p.m. UTC | #7 
On 04/21/16 23:18, Yegor Yefremov wrote:
> On Thu, Apr 21, 2016 at 9:36 PM, Arnout Vandecappelle <arnout@mind.be> wrote:
>> On 04/20/16 11:22, yegorslists@googlemail.com wrote:
>>>
>>> From: Yegor Yefremov<yegorslists@googlemail.com>
>>>
>>> Fixes #8856
>>>
>>> Signed-off-by: Yegor Yefremov<yegorslists@googlemail.com>
>>> ---
>>>    package/Config.in                                          |  1 +
>>>    package/python-backports-ssl-match-hostname/Config.in      |  6 ++++++
>>>    .../python-backports-ssl-match-hostname.hash               |  4 ++++
>>>    .../python-backports-ssl-match-hostname.mk                 | 14
>>> ++++++++++++++
>>>    4 files changed, 25 insertions(+)
>>>    create mode 100644 package/python-backports-ssl-match-hostname/Config.in
>>>    create mode 100644
>>> package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.hash
>>>    create mode 100644
>>> package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.mk
>>>
>>> diff --git a/package/Config.in b/package/Config.in
>>> index ecaf164..3b5e66e 100644
>>> --- a/package/Config.in
>>> +++ b/package/Config.in
>>> @@ -630,6 +630,7 @@ menu "External python modules"
>>>          source "package/python-alsaaudio/Config.in"
>>>          source "package/python-autobahn/Config.in"
>>>          source "package/python-backports-abc/Config.in"
>>> +       source "package/python-backports-ssl-match-hostname/Config.in"
>>>          source "package/python-beautifulsoup4/Config.in"
>>>          source "package/python-bottle/Config.in"
>>>          source "package/python-can/Config.in"
>>> diff --git a/package/python-backports-ssl-match-hostname/Config.in
>>> b/package/python-backports-ssl-match-hostname/Config.in
>>> new file mode 100644
>>> index 0000000..36399bb
>>> --- /dev/null
>>> +++ b/package/python-backports-ssl-match-hostname/Config.in
>>> @@ -0,0 +1,6 @@
>>> +config BR2_PACKAGE_PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME
>>> +       bool "python-backports-ssl-match-hostname"
>>
>>
>>   Smell likes this should
>>          depends on BR2_PACKAGE_PYTHON
>> no? Doesn't make much sense to backport this function to Python 3.6 :-)
>
> No. We still have Python 3.4.x

  Oh, I thought Thomas bumped it... Looks like that patch hasn't been applied yet.

  Regards,
  Arnout

>
> The most interesting goody about about 3.5 ssl-match-hostname is
> support for IP addresses or something like this, that uses "import
> ipaddress", so it would make sense to select this package for Python
> 2.7.

[snip]
Yegor Yefremov April 22, 2016, 10:48 a.m. UTC | #8 
On Fri, Apr 22, 2016 at 1:06 AM, Arnout Vandecappelle <arnout@mind.be> wrote:
>
>
> On 04/21/16 23:18, Yegor Yefremov wrote:
>>
>> On Thu, Apr 21, 2016 at 9:36 PM, Arnout Vandecappelle <arnout@mind.be>
>> wrote:
>>>
>>> On 04/20/16 11:22, yegorslists@googlemail.com wrote:
>>>>
>>>>
>>>> From: Yegor Yefremov<yegorslists@googlemail.com>
>>>>
>>>> Fixes #8856
>>>>
>>>> Signed-off-by: Yegor Yefremov<yegorslists@googlemail.com>
>>>> ---
>>>>    package/Config.in                                          |  1 +
>>>>    package/python-backports-ssl-match-hostname/Config.in      |  6
>>>> ++++++
>>>>    .../python-backports-ssl-match-hostname.hash               |  4 ++++
>>>>    .../python-backports-ssl-match-hostname.mk                 | 14
>>>> ++++++++++++++
>>>>    4 files changed, 25 insertions(+)
>>>>    create mode 100644
>>>> package/python-backports-ssl-match-hostname/Config.in
>>>>    create mode 100644
>>>>
>>>> package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.hash
>>>>    create mode 100644
>>>>
>>>> package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.mk
>>>>
>>>> diff --git a/package/Config.in b/package/Config.in
>>>> index ecaf164..3b5e66e 100644
>>>> --- a/package/Config.in
>>>> +++ b/package/Config.in
>>>> @@ -630,6 +630,7 @@ menu "External python modules"
>>>>          source "package/python-alsaaudio/Config.in"
>>>>          source "package/python-autobahn/Config.in"
>>>>          source "package/python-backports-abc/Config.in"
>>>> +       source "package/python-backports-ssl-match-hostname/Config.in"
>>>>          source "package/python-beautifulsoup4/Config.in"
>>>>          source "package/python-bottle/Config.in"
>>>>          source "package/python-can/Config.in"
>>>> diff --git a/package/python-backports-ssl-match-hostname/Config.in
>>>> b/package/python-backports-ssl-match-hostname/Config.in
>>>> new file mode 100644
>>>> index 0000000..36399bb
>>>> --- /dev/null
>>>> +++ b/package/python-backports-ssl-match-hostname/Config.in
>>>> @@ -0,0 +1,6 @@
>>>> +config BR2_PACKAGE_PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME
>>>> +       bool "python-backports-ssl-match-hostname"
>>>
>>>
>>>
>>>   Smell likes this should
>>>          depends on BR2_PACKAGE_PYTHON
>>> no? Doesn't make much sense to backport this function to Python 3.6 :-)
>>
>>
>> No. We still have Python 3.4.x
>
>
>  Oh, I thought Thomas bumped it... Looks like that patch hasn't been applied
> yet.
>
>  Regards,
>  Arnout
>
>>
>> The most interesting goody about about 3.5 ssl-match-hostname is
>> support for IP addresses or something like this, that uses "import
>> ipaddress", so it would make sense to select this package for Python
>> 2.7.

I've installed circus myself and now I understand the problem. circusd
uses following code:

#!/usr/bin/python
# EASY-INSTALL-ENTRY-SCRIPT: 'circus==0.13.0','console_scripts','circusd'
__requires__ = 'circus==0.13.0'
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
    sys.exit(
        load_entry_point('circus==0.13.0', 'console_scripts', 'circusd')()
    )

This code checks package requirements of all needed Python packages at
run-time. Tornado itself is working without backports.ssl-* package
(just enabling PYTHON SSH support is sufficient). In Python 3.4 there
are no problems, as backports.ssl-* is required only for Python < 3.2
(tornado's setup.py).

My suggestion is to enable
BR2_PACKAGE_PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME for Python2 only and
enable both it and certify when selecting tornado. What do you think
about this?

Yegor
Arnout Vandecappelle April 22, 2016, 11:27 a.m. UTC | #9 
On 04/22/16 12:48, Yegor Yefremov wrote:
> My suggestion is to enable
> BR2_PACKAGE_PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME for Python2 only and
> enable both it and certify when selecting tornado. What do you think
> about this?

  Sounds good to me. Do add an explanatory comment why these two additional 
packages are required, because the casual reader will not understand.

  Regards,
  Arnout
diff mbox

Patch

diff --git a/package/Config.in b/package/Config.in
index ecaf164..3b5e66e 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -630,6 +630,7 @@  menu "External python modules"
 	source "package/python-alsaaudio/Config.in"
 	source "package/python-autobahn/Config.in"
 	source "package/python-backports-abc/Config.in"
+	source "package/python-backports-ssl-match-hostname/Config.in"
 	source "package/python-beautifulsoup4/Config.in"
 	source "package/python-bottle/Config.in"
 	source "package/python-can/Config.in"
diff --git a/package/python-backports-ssl-match-hostname/Config.in b/package/python-backports-ssl-match-hostname/Config.in
new file mode 100644
index 0000000..36399bb
--- /dev/null
+++ b/package/python-backports-ssl-match-hostname/Config.in
@@ -0,0 +1,6 @@ 
+config BR2_PACKAGE_PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME
+	bool "python-backports-ssl-match-hostname"
+	help
+	  The ssl.match_hostname() function from Python 3.5.
+
+	  http://bitbucket.org/brandon/backports.ssl_match_hostname
diff --git a/package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.hash b/package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.hash
new file mode 100644
index 0000000..8313d96
--- /dev/null
+++ b/package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.hash
@@ -0,0 +1,4 @@ 
+# md5 from https://pypi.python.org/pypi/backports.ssl_match_hostname/json
+md5	c03fc5e2c7b3da46b81acf5cbacfe1e6  backports.ssl_match_hostname-3.5.0.1.tar.gz
+# sha256 calculated by scanpypi
+sha256	502ad98707319f4a51fa2ca1c677bd659008d27ded9f6380c79e8932e38dcdf2  backports.ssl_match_hostname-3.5.0.1.tar.gz
diff --git a/package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.mk b/package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.mk
new file mode 100644
index 0000000..6848dd2
--- /dev/null
+++ b/package/python-backports-ssl-match-hostname/python-backports-ssl-match-hostname.mk
@@ -0,0 +1,14 @@ 
+################################################################################
+#
+# python-backports-ssl-match-hostname
+#
+################################################################################
+
+PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME_VERSION = 3.5.0.1
+PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME_SOURCE = backports.ssl_match_hostname-$(PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME_VERSION).tar.gz
+PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME_SITE = https://pypi.python.org/packages/source/b/backports.ssl_match_hostname
+PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME_SETUP_TYPE = distutils
+PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME_LICENSE = Python Software Foundation License v2
+PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME_LICENSE_FILES = backports/ssl_match_hostname/LICENSE.txt
+
+$(eval $(python-package))