commit 78a748149c346683f33e51851c93ee9bc7596016 parent f004dff9ef8d0c6b3c6a29cb79a78a1bd56a5ff4 Author: ThomasV <thomasv1@gmx.de> Date: Mon, 5 May 2014 18:14:19 +0200 Merge pull request #677 from wozz/paymnt-update update to certificate check for Subject Alt Names Diffstat:
M | lib/paymentrequest.py | | | 26 | +++++++++++++++++++++----- |
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py @@ -71,11 +71,27 @@ class PaymentRequest: x509_1 = X509.load_cert_der_string(cert.certificate[0]) if self.domain != x509_1.get_subject().CN: - ###TODO: check for subject alt names - ### check for wildcards - print "ERROR: Certificate Subject Domain Mismatch" - print self.domain, x509_1.get_subject().CN - #return + validcert = False + try: + SANs = x509_1.get_ext("subjectAltName").get_value().split(",") + for s in SANs: + s = s.strip() + if s.startswith("DNS:") and s[4:] == self.domain: + validcert = True + print "Match SAN DNS" + elif s.startswith("IP:") and s[3:] == self.domain: + validcert = True + print "Match SAN IP" + elif s.startswith("email:") and s[6:] == self.domain: + validcert = True + print "Match SAN email" + except Exception, e: + print "ERROR: No SAN data" + if not validcert: + ###TODO: check for wildcards + print "ERROR: Certificate Subject Domain Mismatch and SAN Mismatch" + print self.domain, x509_1.get_subject().CN + return x509 = [] CA_OU = ''