AaronFiore/electrum
1
0
Fork 0
Code Activity

Merge pull request #1364 from neocogent/wildcard

Browse Source 
Wildcard SSL Support
This commit is contained in:
ThomasV
2015-07-17 06:35:14 +02:00
parent e444ff3519 8792301846
commit aef7e4365e
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/interface.py
View File

@@ -121,15 +121,14 @@ class TcpInterface(threading.Thread):
def check_host_name(self, peercert, name): def check_host_name(self, peercert, name):
"""Simple certificate/host name checker. Returns True if the """Simple certificate/host name checker. Returns True if the
certificate matches, False otherwise. Does not support certificate matches, False otherwise."""
wildcards."""
# Check that the peer has supplied a certificate. # Check that the peer has supplied a certificate.
# None/{} is not acceptable. # None/{} is not acceptable.
if not peercert: if not peercert:
return False return False
if peercert.has_key("subjectAltName"): if peercert.has_key("subjectAltName"):
for typ, val in peercert["subjectAltName"]: for typ, val in peercert["subjectAltName"]:
if typ == "DNS" and val == name: if typ == "DNS" and (val == name or (val.find('*.') == 0 and name.find(val[1:]) + len(val[1:]) == len(name))):
return True return True
else: else:
# Only check the subject DN if there is no subject alternative # Only check the subject DN if there is no subject alternative
@@ -140,7 +139,7 @@ class TcpInterface(threading.Thread):
if attr == "commonName": if attr == "commonName":
cn = val cn = val
if cn is not None: if cn is not None:
return cn == name return (cn == name or (cn.find('*.') == 0 and name.find(cn[1:]) + len(cn[1:]) == len(name)))
return False return False