Fixes

https_adapter.py

@@ -13,7 +13,6 @@ import urllib3
 from urllib3.util import parse_url
 from urllib3.util.retry import Retry
 from urllib3.util import Timeout as TimeoutSauce
-from urllib3.util.ssl_match_hostname import match_hostname as match_hostname
 
 DEFAULT_POOLBLOCK = False
 DEFAULT_POOLSIZE = 10
@@ -264,78 +263,3 @@ class HTTPSAdapter(HTTPAdapter):
 
         return self.build_response(request, resp)
 
-def ballow_subdomain_matching(hostname, dnsnames):
-    for elt in dnsnames:
-        if len(split(hostname, '.')) > len(split(elt, '.')) and \
-          hostname.endswith(elt):
-            # parent
-            return True
-    return False
-
-def my_match_hostname(cert, hostname):
-    """Verify that *cert* (in decoded format as returned by
-    SSLSocket.getpeercert()) matches the *hostname*.  RFC 2818 and RFC 6125
-    rules are followed, but IP addresses are not accepted for *hostname*.
-
-    CertificateError is raised on failure. On success, the function
-    returns nothing.
-    """
-    if not cert:
-        raise ValueError(
-            "empty or no certificate, match_hostname needs a "
-            "SSL socket or SSL context with either "
-            "CERT_OPTIONAL or CERT_REQUIRED"
-        )
-    try:
-        # Divergence from upstream: ipaddress can't handle byte str
-        host_ip = ipaddress.ip_address(_to_unicode(hostname))
-    except (UnicodeError, ValueError):
-        # ValueError: Not an IP address (common case)
-        # UnicodeError: Divergence from upstream: Have to deal with ipaddress not taking
-        # byte strings.  addresses should be all ascii, so we consider it not
-        # an ipaddress in this case
-        host_ip = None
-    except AttributeError:
-        # Divergence from upstream: Make ipaddress library optional
-        if ipaddress is None:
-            host_ip = None
-        else:  # Defensive
-            raise
-    dnsnames = []
-    san = cert.get("subjectAltName", ())
-    for key, value in san:
-        if key == "DNS":
-            if host_ip is None and _dnsname_match(value, hostname):
-                return
-            dnsnames.append(value)
-        elif key == "IP Address":
-            if host_ip is not None and _ipaddress_match(value, host_ip):
-                return
-            dnsnames.append(value)
-    if not dnsnames:
-        # The subject is only checked when there is no dNSName entry
-        # in subjectAltName
-        for sub in cert.get("subject", ()):
-            for key, value in sub:
-                # XXX according to RFC 2818, the most specific Common Name
-                # must be used.
-                if key == "commonName":
-                    if _dnsname_match(value, hostname):
-                        return
-                    dnsnames.append(value)
-    if len(dnsnames) > 1:
-        # soften this to allow subdomain matching
-        if ballow_subdomain_matching(hostname, dnsnames):
-            return
-        raise CertificateError(
-            "hostname %r "
-            "doesn't match any of %s" % (hostname, ", ".join(map(repr, dnsnames)))
-        )
-    elif len(dnsnames) == 1:
-        raise CertificateError("hostname %r doesn't match %r" % (hostname, dnsnames[0]))
-    else:
-        raise CertificateError(
-            "no appropriate commonName or subjectAltName fields were found"
-        )
-
-urllib3.util.ssl_match_hostname.match_hostnaem = my_match_hostname