commit aef7e4365ebc9b30abbe85d3c938e41fc0d120bc
parent e444ff35194f9f332ed8a49ff0df0a8166bad47b
Author: ThomasV <electrumdev@gmail.com>
Date: Fri, 17 Jul 2015 06:35:14 +0200
Merge pull request #1364 from neocogent/wildcard
Wildcard SSL Support
Diffstat:
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/lib/interface.py b/lib/interface.py
@@ -121,15 +121,14 @@ class TcpInterface(threading.Thread):
def check_host_name(self, peercert, name):
"""Simple certificate/host name checker. Returns True if the
- certificate matches, False otherwise. Does not support
- wildcards."""
+ certificate matches, False otherwise."""
# Check that the peer has supplied a certificate.
# None/{} is not acceptable.
if not peercert:
return False
if peercert.has_key("subjectAltName"):
for typ, val in peercert["subjectAltName"]:
- if typ == "DNS" and val == name:
+ if typ == "DNS" and (val == name or (val.find('*.') == 0 and name.find(val[1:]) + len(val[1:]) == len(name))):
return True
else:
# Only check the subject DN if there is no subject alternative
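Review bot: The wildcard test added on the `subjectAltName` line, `name.find(val[1:]) + len(val[1:]) == len(name)`, is also true when `find` returns -1 and `name` is exactly one character shorter than the suffix, so a hostname unrelated to the certificate can pass verification. Because `find` only requires the suffix to end the string, `*` can also span several labels (`a.b.example.com` against `*.example.com`), whereas RFC 6125 limits a wildcard to the single left-most label. I would replace the arithmetic with an explicit suffix and label-count check: `if typ == "DNS" and (val == name or (val.startswith('*.') and name.endswith(val[1:]) and name.count('.') == val.count('.'))):`. The `commonName` return in the second hunk repeats the same expression on `cn` and needs the same change, ideally through one shared helper; it would also be worth rejecting patterns with fewer than two labels after the `*.`, such as `*.com`. check_host_name continues past the end of this hunk.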
@@ -140,7 +139,7 @@ class TcpInterface(threading.Thread):
if attr == "commonName":
cn = val
if cn is not None:
- return cn == name
+ return (cn == name or (cn.find('*.') == 0 and name.find(cn[1:]) + len(cn[1:]) == len(name)))
return False