restrict to *. only, add DN support also
This commit is contained in:
parent
3c563b85ad
commit
8792301846
|
@ -128,7 +128,7 @@ class TcpInterface(threading.Thread):
|
||||||
return False
|
return False
|
||||||
if peercert.has_key("subjectAltName"):
|
if peercert.has_key("subjectAltName"):
|
||||||
for typ, val in peercert["subjectAltName"]:
|
for typ, val in peercert["subjectAltName"]:
|
||||||
if typ == "DNS" and (val == name or (val[0] == '*' and name.find(val[1:]) + len(val[1:]) == len(name))):
|
if typ == "DNS" and (val == name or (val.find('*.') == 0 and name.find(val[1:]) + len(val[1:]) == len(name))):
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
# Only check the subject DN if there is no subject alternative
|
# Only check the subject DN if there is no subject alternative
|
||||||
|
@ -139,7 +139,7 @@ class TcpInterface(threading.Thread):
|
||||||
if attr == "commonName":
|
if attr == "commonName":
|
||||||
cn = val
|
cn = val
|
||||||
if cn is not None:
|
if cn is not None:
|
||||||
return cn == name
|
return (cn == name or (cn.find('*.') == 0 and name.find(cn[1:]) + len(cn[1:]) == len(name)))
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue