upstream/mercurial-mirror Files · tests/test-url.py

url: check subjectAltName when verifying ssl certificate...

url: check subjectAltName when verifying ssl certificate Now it verifies certificate in the same manner as py3k implementation: http://svn.python.org/view/python/branches/py3k/Lib/ssl.py?view=markup#match_hostname

Yuya Nishihara - - Load All Authors

File last commit:

r13249:75d0c38a stable


                r13249:75d0c38a

stable

Download file

             test-url.py
        
                    54 lines
            
             | 1.7 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / tests / test-url.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      import sys

      def check(a, b):

          if a != b:

              print (a, b)

      def cert(cn):

          return dict(subject=((('commonName', cn),),))

      from mercurial.url import _verifycert

      # Test non-wildcard certificates

      check(_verifycert(cert('example.com'), 'example.com'),

            None)

      check(_verifycert(cert('example.com'), 'www.example.com'),

            'certificate is for example.com')

      check(_verifycert(cert('www.example.com'), 'example.com'),

            'certificate is for www.example.com')

      # Test wildcard certificates

      check(_verifycert(cert('*.example.com'), 'www.example.com'),

            None)

      check(_verifycert(cert('*.example.com'), 'example.com'),

            'certificate is for *.example.com')

      check(_verifycert(cert('*.example.com'), 'w.w.example.com'),

            'certificate is for *.example.com')

      # Test subjectAltName

      san_cert = {'subject': ((('commonName', 'example.com'),),),

                  'subjectAltName': (('DNS', '*.example.net'),

                                     ('DNS', 'example.net'))}

      check(_verifycert(san_cert, 'example.net'),

            None)

      check(_verifycert(san_cert, 'foo.example.net'),

            None)

      # subject is only checked when subjectAltName is empty

      check(_verifycert(san_cert, 'example.com'),

            'certificate is for *.example.net, example.net')

      # Avoid some pitfalls

      check(_verifycert(cert('*.foo'), 'foo'),

            'certificate is for *.foo')

      check(_verifycert(cert('*o'), 'foo'),

            'certificate is for *o')

      check(_verifycert({'subject': ()},

                        'example.com'),

            'no commonName or subjectAltName found in certificate')

      check(_verifycert(None, 'example.com'),

            'no certificate received')

      # Unicode (IDN) certname isn't supported

      check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),

            'IDN in certificate not supported')

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				import sys

				def check(a, b):
				if a != b:
				print (a, b)

				def cert(cn):
				return dict(subject=((('commonName', cn),),))

				from mercurial.url import _verifycert

				# Test non-wildcard certificates
				check(_verifycert(cert('example.com'), 'example.com'),
				None)
				check(_verifycert(cert('example.com'), 'www.example.com'),
				'certificate is for example.com')
				check(_verifycert(cert('www.example.com'), 'example.com'),
				'certificate is for www.example.com')

				# Test wildcard certificates
				check(_verifycert(cert('*.example.com'), 'www.example.com'),
				None)
				check(_verifycert(cert('*.example.com'), 'example.com'),
				'certificate is for *.example.com')
				check(_verifycert(cert('*.example.com'), 'w.w.example.com'),
				'certificate is for *.example.com')

				# Test subjectAltName
				san_cert = {'subject': ((('commonName', 'example.com'),),),
				'subjectAltName': (('DNS', '*.example.net'),
				('DNS', 'example.net'))}
				check(_verifycert(san_cert, 'example.net'),
				None)
				check(_verifycert(san_cert, 'foo.example.net'),
				None)
				# subject is only checked when subjectAltName is empty
				check(_verifycert(san_cert, 'example.com'),
				'certificate is for *.example.net, example.net')

				# Avoid some pitfalls
				check(_verifycert(cert('*.foo'), 'foo'),
				'certificate is for *.foo')
				check(_verifycert(cert('*o'), 'foo'),
				'certificate is for *o')

				check(_verifycert({'subject': ()},
				'example.com'),
				'no commonName or subjectAltName found in certificate')
				check(_verifycert(None, 'example.com'),
				'no certificate received')

				# Unicode (IDN) certname isn't supported
				check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),
				'IDN in certificate not supported')