mirror of https://github.com/python/cpython
Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported.
This commit is contained in:
parent
564f89036f
commit
f06eb46918
|
@ -0,0 +1,31 @@
|
|||
# Certificate for projects.developer.nokia.com:443 (see issue 13034)
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFLDCCBBSgAwIBAgIQLubqdkCgdc7lAF9NfHlUmjANBgkqhkiG9w0BAQUFADCB
|
||||
vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
|
||||
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
|
||||
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
|
||||
VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
|
||||
DTExMDkyMTAwMDAwMFoXDTEyMDkyMDIzNTk1OVowcTELMAkGA1UEBhMCRkkxDjAM
|
||||
BgNVBAgTBUVzcG9vMQ4wDAYDVQQHFAVFc3BvbzEOMAwGA1UEChQFTm9raWExCzAJ
|
||||
BgNVBAsUAkJJMSUwIwYDVQQDFBxwcm9qZWN0cy5kZXZlbG9wZXIubm9raWEuY29t
|
||||
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr92w1bpHYSYxUEx8N/8Iddda2
|
||||
lYi+aXNtQfV/l2Fw9Ykv3Ipw4nLeGTj18FFlAZgMdPRlgrzF/NNXGw/9l3/qKdow
|
||||
CypkQf8lLaxb9Ze1E/KKmkRJa48QTOqvo6GqKuTI6HCeGlG1RxDb8YSKcQWLiytn
|
||||
yj3Wp4MgRQO266xmMQIDAQABo4IB9jCCAfIwQQYDVR0RBDowOIIccHJvamVjdHMu
|
||||
ZGV2ZWxvcGVyLm5va2lhLmNvbYIYcHJvamVjdHMuZm9ydW0ubm9raWEuY29tMAkG
|
||||
A1UdEwQCMAAwCwYDVR0PBAQDAgWgMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9T
|
||||
VlJJbnRsLUczLWNybC52ZXJpc2lnbi5jb20vU1ZSSW50bEczLmNybDBEBgNVHSAE
|
||||
PTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZl
|
||||
cmlzaWduLmNvbS9ycGEwKAYDVR0lBCEwHwYJYIZIAYb4QgQBBggrBgEFBQcDAQYI
|
||||
KwYBBQUHAwIwcgYIKwYBBQUHAQEEZjBkMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
|
||||
cC52ZXJpc2lnbi5jb20wPAYIKwYBBQUHMAKGMGh0dHA6Ly9TVlJJbnRsLUczLWFp
|
||||
YS52ZXJpc2lnbi5jb20vU1ZSSW50bEczLmNlcjBuBggrBgEFBQcBDARiMGChXqBc
|
||||
MFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsH
|
||||
iyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJ
|
||||
KoZIhvcNAQEFBQADggEBACQuPyIJqXwUyFRWw9x5yDXgMW4zYFopQYOw/ItRY522
|
||||
O5BsySTh56BWS6mQB07XVfxmYUGAvRQDA5QHpmY8jIlNwSmN3s8RKo+fAtiNRlcL
|
||||
x/mWSfuMs3D/S6ev3D6+dpEMZtjrhOdctsarMKp8n/hPbwhAbg5hVjpkW5n8vz2y
|
||||
0KxvvkA1AxpLwpVv7OlK17ttzIHw8bp9HTlHBU5s8bKz4a565V/a5HI0CSEv/+0y
|
||||
ko4/ghTnZc1CkmUngKKeFMSah/mT/xAh8XnE2l1AazFa8UKuYki1e+ArHaGZc4ix
|
||||
UYOtiRphwfuYQhRZ7qX9q2MMkCMI65XNK/SaFrAbbG0=
|
||||
-----END CERTIFICATE-----
|
|
@ -110,6 +110,23 @@ class BasicSocketTests(unittest.TestCase):
|
|||
p = ssl._ssl._test_decode_cert(CERTFILE, False)
|
||||
if test_support.verbose:
|
||||
sys.stdout.write("\n" + pprint.pformat(p) + "\n")
|
||||
self.assertEqual(p['subject'],
|
||||
((('countryName', u'US'),),
|
||||
(('stateOrProvinceName', u'Delaware'),),
|
||||
(('localityName', u'Wilmington'),),
|
||||
(('organizationName', u'Python Software Foundation'),),
|
||||
(('organizationalUnitName', u'SSL'),),
|
||||
(('commonName', u'somemachine.python.org'),)),
|
||||
)
|
||||
# Issue #13034: the subjectAltName in some certificates
|
||||
# (notably projects.developer.nokia.com:443) wasn't parsed
|
||||
p = ssl._ssl._test_decode_cert(NOKIACERT)
|
||||
if test_support.verbose:
|
||||
sys.stdout.write("\n" + pprint.pformat(p) + "\n")
|
||||
self.assertEqual(p['subjectAltName'],
|
||||
(('DNS', 'projects.developer.nokia.com'),
|
||||
('DNS', 'projects.forum.nokia.com'))
|
||||
)
|
||||
|
||||
def test_DER_to_PEM(self):
|
||||
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
|
||||
|
@ -1329,15 +1346,18 @@ else:
|
|||
|
||||
|
||||
def test_main(verbose=False):
|
||||
global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT
|
||||
global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT
|
||||
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
|
||||
"keycert.pem")
|
||||
SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
|
||||
os.path.dirname(__file__) or os.curdir,
|
||||
"https_svn_python_org_root.pem")
|
||||
NOKIACERT = os.path.join(os.path.dirname(__file__) or os.curdir,
|
||||
"nokia.pem")
|
||||
|
||||
if (not os.path.exists(CERTFILE) or
|
||||
not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)):
|
||||
not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT) or
|
||||
not os.path.exists(NOKIACERT)):
|
||||
raise test_support.TestFailed("Can't read certificate files!")
|
||||
|
||||
tests = [BasicTests, BasicSocketTests]
|
||||
|
|
|
@ -702,7 +702,7 @@ _get_peer_alt_names (X509 *certificate) {
|
|||
/* get a memory buffer */
|
||||
biobuf = BIO_new(BIO_s_mem());
|
||||
|
||||
i = 0;
|
||||
i = -1;
|
||||
while ((i = X509_get_ext_by_NID(
|
||||
certificate, NID_subject_alt_name, i)) >= 0) {
|
||||
|
||||
|
|
Loading…
Reference in New Issue