upstream/mercurial-mirror Commit - r14666:27b080aa

sslutil: fall back to commonName when no dNSName in subjectAltName (issue2798)...

Nicolas Bareil -

r14666:27b080aa default

parent child

mercurial/sslutil.py

0 +2 -1

                      for name in certnames:
                          if matchdnsname(name):
                              return None
-                     return _('certificate is for %s') % ', '.join(certnames)
+                     if certnames:
+                         return _('certificate is for %s') % ', '.join(certnames)
                  # subject is only checked when subjectAltName is empty
                  for s in cert.get('subject', []):

tests/test-url.py

0 +9 -5

                    None)
              check(_verifycert(san_cert, 'foo.example.net'),
                    None)
-             # subject is only checked when subjectAltName is empty
+             # no fallback to subject commonName when subjectAltName has DNS
              check(_verifycert(san_cert, 'example.com'),
                    'certificate is for *.example.net, example.net')
+             # fallback to subject commonName when no DNS in subjectAltName
+             san_cert = {'subject': ((('commonName', 'example.com'),),),
+                         'subjectAltName': (('IP Address', '8.8.8.8'),)}
+             check(_verifycert(san_cert, 'example.com'), None)
              # Avoid some pitfalls
              check(_verifycert(cert('*.foo'), 'foo'),
              check(_verifycert(None, 'example.com'),
                    'no certificate received')
+             # Unicode (IDN) certname isn't supported
+             check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),
+                   'IDN in certificate not supported')
              import doctest
              def test_url():
                  """
              doctest.testmod(optionflags=doctest.NORMALIZE_WHITESPACE)
-             # Unicode (IDN) certname isn't supported
-             check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),
-                   'IDN in certificate not supported')

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages