mirror of https://github.com/python/cpython
Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported.
This commit is contained in:
Antoine Pitrou
commit
a02a12c517
|
|
@ -0,0 +1,31 @@
|
|||
# Certificate for projects.developer.nokia.com:443 (see issue 13034)
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFLDCCBBSgAwIBAgIQLubqdkCgdc7lAF9NfHlUmjANBgkqhkiG9w0BAQUFADCB
|
||||
vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
|
||||
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
|
||||
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
|
||||
VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
|
||||
DTExMDkyMTAwMDAwMFoXDTEyMDkyMDIzNTk1OVowcTELMAkGA1UEBhMCRkkxDjAM
|
||||
BgNVBAgTBUVzcG9vMQ4wDAYDVQQHFAVFc3BvbzEOMAwGA1UEChQFTm9raWExCzAJ
|
||||
BgNVBAsUAkJJMSUwIwYDVQQDFBxwcm9qZWN0cy5kZXZlbG9wZXIubm9raWEuY29t
|
||||
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr92w1bpHYSYxUEx8N/8Iddda2
|
||||
lYi+aXNtQfV/l2Fw9Ykv3Ipw4nLeGTj18FFlAZgMdPRlgrzF/NNXGw/9l3/qKdow
|
||||
CypkQf8lLaxb9Ze1E/KKmkRJa48QTOqvo6GqKuTI6HCeGlG1RxDb8YSKcQWLiytn
|
||||
yj3Wp4MgRQO266xmMQIDAQABo4IB9jCCAfIwQQYDVR0RBDowOIIccHJvamVjdHMu
|
||||
ZGV2ZWxvcGVyLm5va2lhLmNvbYIYcHJvamVjdHMuZm9ydW0ubm9raWEuY29tMAkG
|
||||
A1UdEwQCMAAwCwYDVR0PBAQDAgWgMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9T
|
||||
VlJJbnRsLUczLWNybC52ZXJpc2lnbi5jb20vU1ZSSW50bEczLmNybDBEBgNVHSAE
|
||||
PTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZl
|
||||
cmlzaWduLmNvbS9ycGEwKAYDVR0lBCEwHwYJYIZIAYb4QgQBBggrBgEFBQcDAQYI
|
||||
KwYBBQUHAwIwcgYIKwYBBQUHAQEEZjBkMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
|
||||
cC52ZXJpc2lnbi5jb20wPAYIKwYBBQUHMAKGMGh0dHA6Ly9TVlJJbnRsLUczLWFp
|
||||
YS52ZXJpc2lnbi5jb20vU1ZSSW50bEczLmNlcjBuBggrBgEFBQcBDARiMGChXqBc
|
||||
MFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsH
|
||||
iyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJ
|
||||
KoZIhvcNAQEFBQADggEBACQuPyIJqXwUyFRWw9x5yDXgMW4zYFopQYOw/ItRY522
|
||||
O5BsySTh56BWS6mQB07XVfxmYUGAvRQDA5QHpmY8jIlNwSmN3s8RKo+fAtiNRlcL
|
||||
x/mWSfuMs3D/S6ev3D6+dpEMZtjrhOdctsarMKp8n/hPbwhAbg5hVjpkW5n8vz2y
|
||||
0KxvvkA1AxpLwpVv7OlK17ttzIHw8bp9HTlHBU5s8bKz4a565V/a5HI0CSEv/+0y
|
||||
ko4/ghTnZc1CkmUngKKeFMSah/mT/xAh8XnE2l1AazFa8UKuYki1e+ArHaGZc4ix
|
||||
UYOtiRphwfuYQhRZ7qX9q2MMkCMI65XNK/SaFrAbbG0=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -54,6 +54,7 @@ EMPTYCERT = data_file("nullcert.pem")
|
|||
BADCERT = data_file("badcert.pem")
|
||||
WRONGCERT = data_file("XXXnonexisting.pem")
|
||||
BADKEY = data_file("badkey.pem")
|
||||
NOKIACERT = data_file("nokia.pem")
|
||||
|
||||
|
||||
def handle_error(prefix):
|
||||
|
|
@ -130,6 +131,31 @@ class BasicSocketTests(unittest.TestCase):
|
|||
p = ssl._ssl._test_decode_cert(CERTFILE)
|
||||
if support.verbose:
|
||||
sys.stdout.write("\n" + pprint.pformat(p) + "\n")
|
||||
self.assertEqual(p['issuer'],
|
||||
((('countryName', 'XY'),),
|
||||
(('localityName', 'Castle Anthrax'),),
|
||||
(('organizationName', 'Python Software Foundation'),),
|
||||
(('commonName', 'localhost'),))
|
||||
)
|
||||
self.assertEqual(p['notAfter'], 'Oct 5 23:01:56 2020 GMT')
|
||||
self.assertEqual(p['notBefore'], 'Oct 8 23:01:56 2010 GMT')
|
||||
self.assertEqual(p['serialNumber'], 'D7C7381919AFC24E')
|
||||
self.assertEqual(p['subject'],
|
||||
((('countryName', 'XY'),),
|
||||
(('localityName', 'Castle Anthrax'),),
|
||||
(('organizationName', 'Python Software Foundation'),),
|
||||
(('commonName', 'localhost'),))
|
||||
)
|
||||
self.assertEqual(p['subjectAltName'], (('DNS', 'localhost'),))
|
||||
# Issue #13034: the subjectAltName in some certificates
|
||||
# (notably projects.developer.nokia.com:443) wasn't parsed
|
||||
p = ssl._ssl._test_decode_cert(NOKIACERT)
|
||||
if support.verbose:
|
||||
sys.stdout.write("\n" + pprint.pformat(p) + "\n")
|
||||
self.assertEqual(p['subjectAltName'],
|
||||
(('DNS', 'projects.developer.nokia.com'),
|
||||
('DNS', 'projects.forum.nokia.com'))
|
||||
)
|
||||
|
||||
def test_DER_to_PEM(self):
|
||||
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
|
||||
|
|
|
|||
|
|
@ -294,6 +294,9 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #13034: When decoding some SSL certificates, the subjectAltName
|
||||
extension could be unreported.
|
||||
|
||||
- Issue #9871: Prevent IDLE 3 crash when given byte stings
|
||||
with invalid hex escape sequences, like b'\x0'.
|
||||
(Original patch by Claudiu Popa.)
|
||||
|
|
|
|||
|
|
@ -595,7 +595,7 @@ _get_peer_alt_names (X509 *certificate) {
|
|||
/* get a memory buffer */
|
||||
biobuf = BIO_new(BIO_s_mem());
|
||||
|
||||
i = 0;
|
||||
i = -1;
|
||||
while ((i = X509_get_ext_by_NID(
|
||||
certificate, NID_subject_alt_name, i)) >= 0) {
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue