summaryrefslogtreecommitdiffstats
path: root/Lib/ssl.py
diff options
context:
space:
mode:
authorAntoine Pitrou <solipsis@pitrou.net>2011-05-06 13:19:49 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2011-05-06 13:19:49 (GMT)
commit1c86b4450689cc9ecef6c99ad8e55bae67931e59 (patch)
tree93db475c6bae4a416638fa39cec89d074ae3c542 /Lib/ssl.py
parent78349b06af6cabe7ff949a98fafa15d8a9c48c61 (diff)
downloadcpython-1c86b4450689cc9ecef6c99ad8e55bae67931e59.zip
cpython-1c86b4450689cc9ecef6c99ad8e55bae67931e59.tar.gz
cpython-1c86b4450689cc9ecef6c99ad8e55bae67931e59.tar.bz2
Issue #12000: When a SSL certificate has a subjectAltName without any
dNSName entry, ssl.match_hostname() should use the subject's commonName. Patch by Nicolas Bareil.
Diffstat (limited to 'Lib/ssl.py')
-rw-r--r--Lib/ssl.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/Lib/ssl.py b/Lib/ssl.py
index 84aa6dc..e7c175f 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -122,8 +122,9 @@ def match_hostname(cert, hostname):
if _dnsname_to_pat(value).match(hostname):
return
dnsnames.append(value)
- if not san:
- # The subject is only checked when subjectAltName is empty
+ if not dnsnames:
+ # The subject is only checked when there is no dNSName entry
+ # in subjectAltName
for sub in cert.get('subject', ()):
for key, value in sub:
# XXX according to RFC 2818, the most specific Common Name