summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSerg Melikyan <smelikyan@mirantis.com>2013-10-14 14:10:07 +0400
committerSerg Melikyan <smelikyan@mirantis.com>2013-10-14 14:10:07 +0400
commit4d3ce9034a9631190d8a31879aed537c3f917ec3 (patch)
tree67e86a0bad1bb326e4730dc65e0b54da4db973e0
parent0ba37471abc03a0307a4a95659c40d40a35b1496 (diff)
Allow single-wildcard SSL common name matching0.3rc0.3release-0.3
Notes
Notes (review): Verified+2: Jenkins Approved+1: Serg Melikyan <smelikyan@mirantis.com> Code-Review+2: Serg Melikyan <smelikyan@mirantis.com> Submitted-by: Jenkins Submitted-at: Tue, 15 Oct 2013 08:48:54 +0000 Reviewed-on: https://review.openstack.org/51561 Project: stackforge/python-muranoclient Branch: refs/heads/release-0.3
-rw-r--r--muranoclient/common/http.py9
1 files changed, 8 insertions, 1 deletions
diff --git a/muranoclient/common/http.py b/muranoclient/common/http.py
index 5b275f8..30a5116 100644
--- a/muranoclient/common/http.py
+++ b/muranoclient/common/http.py
@@ -327,10 +327,17 @@ class VerifiedHTTPSConnection(HTTPSConnection):
327 connecting to, ie that the certificate's Common Name 327 connecting to, ie that the certificate's Common Name
328 or a Subject Alternative Name matches 'host'. 328 or a Subject Alternative Name matches 'host'.
329 """ 329 """
330 common_name = x509.get_subject().commonName
331
330 # First see if we can match the CN 332 # First see if we can match the CN
331 if x509.get_subject().commonName == host: 333 if common_name == host:
332 return True 334 return True
333 335
336 # Support single wildcard matching
337 if common_name.startswith('*.') and host.find('.') > 0:
338 if common_name[2:] == host.split('.', 1)[1]:
339 return True
340
334 # Also try Subject Alternative Names for a match 341 # Also try Subject Alternative Names for a match
335 san_list = None 342 san_list = None
336 for i in xrange(x509.get_extension_count()): 343 for i in xrange(x509.get_extension_count()):