update to certificate check for Subject Alt Names
parent
f004dff9ef
commit
96e1ea42a8
|
@ -71,11 +71,27 @@ class PaymentRequest:
|
||||||
|
|
||||||
x509_1 = X509.load_cert_der_string(cert.certificate[0])
|
x509_1 = X509.load_cert_der_string(cert.certificate[0])
|
||||||
if self.domain != x509_1.get_subject().CN:
|
if self.domain != x509_1.get_subject().CN:
|
||||||
###TODO: check for subject alt names
|
validcert = False
|
||||||
### check for wildcards
|
try:
|
||||||
print "ERROR: Certificate Subject Domain Mismatch"
|
SANs = x509_1.get_ext("subjectAltName").get_value().split(",")
|
||||||
|
for s in SANs:
|
||||||
|
s = s.strip()
|
||||||
|
if s.startswith("DNS:") and s[4:] == self.domain:
|
||||||
|
validcert = True
|
||||||
|
print "Match SAN DNS"
|
||||||
|
elif s.startswith("IP:") and s[3:] == self.domain:
|
||||||
|
validcert = True
|
||||||
|
print "Match SAN IP"
|
||||||
|
elif s.startswith("email:") and s[6:] == self.domain:
|
||||||
|
validcert = True
|
||||||
|
print "Match SAN email"
|
||||||
|
except Exception, e:
|
||||||
|
print "ERROR: No SAN data"
|
||||||
|
if not validcert:
|
||||||
|
###TODO: check for wildcards
|
||||||
|
print "ERROR: Certificate Subject Domain Mismatch and SAN Mismatch"
|
||||||
print self.domain, x509_1.get_subject().CN
|
print self.domain, x509_1.get_subject().CN
|
||||||
#return
|
return
|
||||||
|
|
||||||
x509 = []
|
x509 = []
|
||||||
CA_OU = ''
|
CA_OU = ''
|
||||||
|
|
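Review bot: The SAN loop lets an `email:` or `IP:` entry whose value equals `self.domain` set `validcert = True`, so a name of a different type than the one being verified can pass the domain check; only dNSName entries should count, so I would drop the two `elif` branches and keep `if s.startswith("DNS:") and s[4:].lower() == self.domain.lower():`. The entries are also obtained by splitting the printed extension value on `,`, which is ambiguous when another name type's value itself contains a comma, so reading the typed SAN entries rather than the text form would be safer if the library exposes them. `except Exception, e:` fails closed here because `validcert` stays False, but it reports every unrelated error as "No SAN data"; `except LookupError:` looks like the intended case for a missing extension (confirm against the M2Crypto version in use). The enclosing method starts and ends outside this hunk, so whether the certificate chain is validated elsewhere cannot be seen from here.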