Allow single-wildcard SSL common name matching

Fixed Bug #1238607

Change-Id: I0f5756fa235483ba98d39776dcdba1ce0f991171
This commit is contained in:
Serg Melikyan 2013-10-14 14:10:07 +04:00
parent 0ba37471ab
commit 4d3ce9034a
1 changed files with 8 additions and 1 deletions

View File

@ -327,10 +327,17 @@ class VerifiedHTTPSConnection(HTTPSConnection):
connecting to, ie that the certificate's Common Name
or a Subject Alternative Name matches 'host'.
"""
common_name = x509.get_subject().commonName
# First see if we can match the CN
if x509.get_subject().commonName == host:
if common_name == host:
return True
# Support single wildcard matching
if common_name.startswith('*.') and host.find('.') > 0:
if common_name[2:] == host.split('.', 1)[1]:
return True
# Also try Subject Alternative Names for a match
san_list = None
for i in xrange(x509.get_extension_count()):