Allow single-wildcard SSL common name matching
Fixed Bug #1238607 Change-Id: I0f5756fa235483ba98d39776dcdba1ce0f991171
This commit is contained in:
parent
0ba37471ab
commit
4d3ce9034a
|
@ -327,10 +327,17 @@ class VerifiedHTTPSConnection(HTTPSConnection):
|
|||
connecting to, ie that the certificate's Common Name
|
||||
or a Subject Alternative Name matches 'host'.
|
||||
"""
|
||||
common_name = x509.get_subject().commonName
|
||||
|
||||
# First see if we can match the CN
|
||||
if x509.get_subject().commonName == host:
|
||||
if common_name == host:
|
||||
return True
|
||||
|
||||
# Support single wildcard matching
|
||||
if common_name.startswith('*.') and host.find('.') > 0:
|
||||
if common_name[2:] == host.split('.', 1)[1]:
|
||||
return True
|
||||
|
||||
# Also try Subject Alternative Names for a match
|
||||
san_list = None
|
||||
for i in xrange(x509.get_extension_count()):
|
||||
|
|
Loading…
Reference in New Issue