electrum

Electrum Bitcoin wallet
git clone https://git.parazyd.org/electrum
Log | Files | Refs | Submodules

commit 78a748149c346683f33e51851c93ee9bc7596016
parent f004dff9ef8d0c6b3c6a29cb79a78a1bd56a5ff4
Author: ThomasV <thomasv1@gmx.de>
Date:   Mon,  5 May 2014 18:14:19 +0200

Merge pull request #677 from wozz/paymnt-update

update to certificate check for Subject Alt Names
Diffstat:
Mlib/paymentrequest.py | 26+++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py @@ -71,11 +71,27 @@ class PaymentRequest: x509_1 = X509.load_cert_der_string(cert.certificate[0]) if self.domain != x509_1.get_subject().CN: - ###TODO: check for subject alt names - ### check for wildcards - print "ERROR: Certificate Subject Domain Mismatch" - print self.domain, x509_1.get_subject().CN - #return + validcert = False + try: + SANs = x509_1.get_ext("subjectAltName").get_value().split(",") + for s in SANs: + s = s.strip() + if s.startswith("DNS:") and s[4:] == self.domain: + validcert = True + print "Match SAN DNS" + elif s.startswith("IP:") and s[3:] == self.domain: + validcert = True + print "Match SAN IP" + elif s.startswith("email:") and s[6:] == self.domain: + validcert = True + print "Match SAN email" + except Exception, e: + print "ERROR: No SAN data" + if not validcert: + ###TODO: check for wildcards + print "ERROR: Certificate Subject Domain Mismatch and SAN Mismatch" + print self.domain, x509_1.get_subject().CN + return x509 = [] CA_OU = ''