Show More
| @@ -48,6 +48,7 def _verifycert(cert, hostname): | |||||
| 48 | for name in certnames: |
|
48 | for name in certnames: | |
| 49 | if matchdnsname(name): |
|
49 | if matchdnsname(name): | |
| 50 | return None |
|
50 | return None | |
|
|
51 | if certnames: | |||
| 51 | return _('certificate is for %s') % ', '.join(certnames) |
|
52 | return _('certificate is for %s') % ', '.join(certnames) | |
| 52 |
|
53 | |||
| 53 | # subject is only checked when subjectAltName is empty |
|
54 | # subject is only checked when subjectAltName is empty | |
| @@ -33,9 +33,13 check(_verifycert(san_cert, 'example.net | |||||
| 33 | None) |
|
33 | None) | |
| 34 | check(_verifycert(san_cert, 'foo.example.net'), |
|
34 | check(_verifycert(san_cert, 'foo.example.net'), | |
| 35 | None) |
|
35 | None) | |
| 36 |
# subject |
|
36 | # no fallback to subject commonName when subjectAltName has DNS | |
| 37 | check(_verifycert(san_cert, 'example.com'), |
|
37 | check(_verifycert(san_cert, 'example.com'), | |
| 38 | 'certificate is for *.example.net, example.net') |
|
38 | 'certificate is for *.example.net, example.net') | |
|
|
39 | # fallback to subject commonName when no DNS in subjectAltName | |||
|
|
40 | san_cert = {'subject': ((('commonName', 'example.com'),),), | |||
|
|
41 | 'subjectAltName': (('IP Address', '8.8.8.8'),)} | |||
|
|
42 | check(_verifycert(san_cert, 'example.com'), None) | |||
| 39 |
|
43 | |||
| 40 | # Avoid some pitfalls |
|
44 | # Avoid some pitfalls | |
| 41 | check(_verifycert(cert('*.foo'), 'foo'), |
|
45 | check(_verifycert(cert('*.foo'), 'foo'), | |
| @@ -49,6 +53,10 check(_verifycert({'subject': ()}, | |||||
| 49 | check(_verifycert(None, 'example.com'), |
|
53 | check(_verifycert(None, 'example.com'), | |
| 50 | 'no certificate received') |
|
54 | 'no certificate received') | |
| 51 |
|
55 | |||
|
|
56 | # Unicode (IDN) certname isn't supported | |||
|
|
57 | check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), | |||
|
|
58 | 'IDN in certificate not supported') | |||
|
|
59 | ||||
| 52 | import doctest |
|
60 | import doctest | |
| 53 |
|
61 | |||
| 54 | def test_url(): |
|
62 | def test_url(): | |
| @@ -211,7 +219,3 def test_url(): | |||||
| 211 | """ |
|
219 | """ | |
| 212 |
|
220 | |||
| 213 | doctest.testmod(optionflags=doctest.NORMALIZE_WHITESPACE) |
|
221 | doctest.testmod(optionflags=doctest.NORMALIZE_WHITESPACE) | |
| 214 |
|
||||
| 215 | # Unicode (IDN) certname isn't supported |
|
|||
| 216 | check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), |
|
|||
| 217 | 'IDN in certificate not supported') |
|
|||
General Comments 0
You need to be logged in to leave comments.
Login now