diff options
author | Antoine Pitrou <solipsis@pitrou.net> | 2011-05-06 13:19:49 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2011-05-06 13:19:49 (GMT) |
commit | 1c86b4450689cc9ecef6c99ad8e55bae67931e59 (patch) | |
tree | 93db475c6bae4a416638fa39cec89d074ae3c542 /Lib/ssl.py | |
parent | 78349b06af6cabe7ff949a98fafa15d8a9c48c61 (diff) | |
download | cpython-1c86b4450689cc9ecef6c99ad8e55bae67931e59.zip cpython-1c86b4450689cc9ecef6c99ad8e55bae67931e59.tar.gz cpython-1c86b4450689cc9ecef6c99ad8e55bae67931e59.tar.bz2 |
Issue #12000: When a SSL certificate has a subjectAltName without any
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
Diffstat (limited to 'Lib/ssl.py')
-rw-r--r-- | Lib/ssl.py | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -122,8 +122,9 @@ def match_hostname(cert, hostname): if _dnsname_to_pat(value).match(hostname): return dnsnames.append(value) - if not san: - # The subject is only checked when subjectAltName is empty + if not dnsnames: + # The subject is only checked when there is no dNSName entry + # in subjectAltName for sub in cert.get('subject', ()): for key, value in sub: # XXX according to RFC 2818, the most specific Common Name |