Cherry-picked changes from release-0.3
* Allow single-wildcard SSL common name matching * Version bump to 0.3 Change-Id: Idb1ad643239d5944b1017932f5b41bb6ffd36a5f
This commit is contained in:
parent
ab7ce2ef10
commit
e2dbb966a4
|
@ -327,10 +327,17 @@ class VerifiedHTTPSConnection(HTTPSConnection):
|
|||
connecting to, ie that the certificate's Common Name
|
||||
or a Subject Alternative Name matches 'host'.
|
||||
"""
|
||||
common_name = x509.get_subject().commonName
|
||||
|
||||
# First see if we can match the CN
|
||||
if x509.get_subject().commonName == host:
|
||||
if common_name == host:
|
||||
return True
|
||||
|
||||
# Support single wildcard matching
|
||||
if common_name.startswith('*.') and host.find('.') > 0:
|
||||
if common_name[2:] == host.split('.', 1)[1]:
|
||||
return True
|
||||
|
||||
# Also try Subject Alternative Names for a match
|
||||
san_list = None
|
||||
for i in xrange(x509.get_extension_count()):
|
||||
|
|
Loading…
Reference in New Issue