Show More
| @@ -48,6 +48,7 def _verifycert(cert, hostname): | |||
|
|
48 | 48 | for name in certnames: |
|
|
49 | 49 | if matchdnsname(name): |
|
|
50 | 50 | return None |
|
|
51 | if certnames: | |
|
|
51 | 52 | return _('certificate is for %s') % ', '.join(certnames) |
|
|
52 | 53 | |
|
|
53 | 54 | # subject is only checked when subjectAltName is empty |
| @@ -33,9 +33,13 check(_verifycert(san_cert, 'example.net | |||
|
|
33 | 33 | None) |
|
|
34 | 34 | check(_verifycert(san_cert, 'foo.example.net'), |
|
|
35 | 35 | None) |
|
|
36 |
# subject |
|
|
|
36 | # no fallback to subject commonName when subjectAltName has DNS | |
|
|
37 | 37 | check(_verifycert(san_cert, 'example.com'), |
|
|
38 | 38 | 'certificate is for *.example.net, example.net') |
|
|
39 | # fallback to subject commonName when no DNS in subjectAltName | |
|
|
40 | san_cert = {'subject': ((('commonName', 'example.com'),),), | |
|
|
41 | 'subjectAltName': (('IP Address', '8.8.8.8'),)} | |
|
|
42 | check(_verifycert(san_cert, 'example.com'), None) | |
|
|
39 | 43 | |
|
|
40 | 44 | # Avoid some pitfalls |
|
|
41 | 45 | check(_verifycert(cert('*.foo'), 'foo'), |
| @@ -49,6 +53,10 check(_verifycert({'subject': ()}, | |||
|
|
49 | 53 | check(_verifycert(None, 'example.com'), |
|
|
50 | 54 | 'no certificate received') |
|
|
51 | 55 | |
|
|
56 | # Unicode (IDN) certname isn't supported | |
|
|
57 | check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), | |
|
|
58 | 'IDN in certificate not supported') | |
|
|
59 | ||
|
|
52 | 60 | import doctest |
|
|
53 | 61 | |
|
|
54 | 62 | def test_url(): |
| @@ -211,7 +219,3 def test_url(): | |||
|
|
211 | 219 | """ |
|
|
212 | 220 | |
|
|
213 | 221 | doctest.testmod(optionflags=doctest.NORMALIZE_WHITESPACE) |
|
|
214 | ||
|
|
215 | # Unicode (IDN) certname isn't supported | |
|
|
216 | check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), | |
|
|
217 | 'IDN in certificate not supported') | |
General Comments 0
You need to be logged in to leave comments.
Login now