diff options
| author | Mandeep Singh <daxlab@users.noreply.github.com> | 2017-11-26 22:31:27 (GMT) |
|---|---|---|
| committer | Mariatta <Mariatta@users.noreply.github.com> | 2017-11-26 22:31:27 (GMT) |
| commit | ede2ac913eba47131ee1bbc37a9aea344d678576 (patch) | |
| tree | b4270e8572769876e6da0786db280a6a0ed05639 /Lib/test/test_ssl.py | |
| parent | 0cd2e81bea639828d7c9a7afc61fb1da9699492c (diff) | |
| download | cpython-ede2ac913eba47131ee1bbc37a9aea344d678576.zip cpython-ede2ac913eba47131ee1bbc37a9aea344d678576.tar.gz cpython-ede2ac913eba47131ee1bbc37a9aea344d678576.tar.bz2 | |
bpo-23033: Improve SSL Certificate handling (GH-937)
Wildcard is now supported in hostname when it is one and only character in
the leftmost segment.
Diffstat (limited to 'Lib/test/test_ssl.py')
| -rw-r--r-- | Lib/test/test_ssl.py | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index aa2429a..c65290b 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -512,10 +512,11 @@ class BasicSocketTests(unittest.TestCase): fail(cert, 'Xa.com') fail(cert, '.a.com') - # only match one left-most wildcard + # only match wildcards when they are the only thing + # in left-most segment cert = {'subject': ((('commonName', 'f*.com'),),)} - ok(cert, 'foo.com') - ok(cert, 'f.com') + fail(cert, 'foo.com') + fail(cert, 'f.com') fail(cert, 'bar.com') fail(cert, 'foo.a.com') fail(cert, 'bar.foo.com') @@ -552,8 +553,8 @@ class BasicSocketTests(unittest.TestCase): # are supported. idna = 'www*.pythön.org'.encode("idna").decode("ascii") cert = {'subject': ((('commonName', idna),),)} - ok(cert, 'www.pythön.org'.encode("idna").decode("ascii")) - ok(cert, 'www1.pythön.org'.encode("idna").decode("ascii")) + fail(cert, 'www.pythön.org'.encode("idna").decode("ascii")) + fail(cert, 'www1.pythön.org'.encode("idna").decode("ascii")) fail(cert, 'ftp.pythön.org'.encode("idna").decode("ascii")) fail(cert, 'pythön.org'.encode("idna").decode("ascii")) @@ -637,7 +638,7 @@ class BasicSocketTests(unittest.TestCase): # Issue #17980: avoid denials of service by refusing more than one # wildcard per fragment. cert = {'subject': ((('commonName', 'a*b.com'),),)} - ok(cert, 'axxb.com') + fail(cert, 'axxb.com') cert = {'subject': ((('commonName', 'a*b.co*'),),)} fail(cert, 'axxb.com') cert = {'subject': ((('commonName', 'a*b*.com'),),)} |