diff options
author | Antoine Pitrou <solipsis@pitrou.net> | 2011-05-06 13:20:55 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2011-05-06 13:20:55 (GMT) |
commit | ff9bfca4827a6ad323c9eff359e34e10655fdc93 (patch) | |
tree | 50abe56e6fb9b479202372880c9e938346db812e /Lib/test | |
parent | b4dc2502ad0a3497a4a6628ab1dd2b1e077ae157 (diff) | |
parent | 1c86b4450689cc9ecef6c99ad8e55bae67931e59 (diff) | |
download | cpython-ff9bfca4827a6ad323c9eff359e34e10655fdc93.zip cpython-ff9bfca4827a6ad323c9eff359e34e10655fdc93.tar.gz cpython-ff9bfca4827a6ad323c9eff359e34e10655fdc93.tar.bz2 |
Issue #12000: When a SSL certificate has a subjectAltName without any
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
Diffstat (limited to 'Lib/test')
-rw-r--r-- | Lib/test/test_ssl.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 138367b..77adc43 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -277,6 +277,24 @@ class BasicSocketTests(unittest.TestCase): (('organizationName', 'Google Inc'),))} fail(cert, 'mail.google.com') + # No DNS entry in subjectAltName but a commonName + cert = {'notAfter': 'Dec 18 23:59:59 2099 GMT', + 'subject': ((('countryName', 'US'),), + (('stateOrProvinceName', 'California'),), + (('localityName', 'Mountain View'),), + (('commonName', 'mail.google.com'),)), + 'subjectAltName': (('othername', 'blabla'), )} + ok(cert, 'mail.google.com') + + # No DNS entry subjectAltName and no commonName + cert = {'notAfter': 'Dec 18 23:59:59 2099 GMT', + 'subject': ((('countryName', 'US'),), + (('stateOrProvinceName', 'California'),), + (('localityName', 'Mountain View'),), + (('organizationName', 'Google Inc'),)), + 'subjectAltName': (('othername', 'blabla'),)} + fail(cert, 'google.com') + # Empty cert / no cert self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com') self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com') |