
Merge pull request #677 from wozz/paymnt-update

update to certificate check for Subject Alt Names
283
ThomasV 11 years ago
parent
commit
78a748149c
  1. 24
      lib/paymentrequest.py

24
lib/paymentrequest.py

@ -71,11 +71,27 @@ class PaymentRequest:
x509_1 = X509.load_cert_der_string(cert.certificate[0]) x509_1 = X509.load_cert_der_string(cert.certificate[0])
if self.domain != x509_1.get_subject().CN: if self.domain != x509_1.get_subject().CN:
###TODO: check for subject alt names validcert = False
### check for wildcards try:
print "ERROR: Certificate Subject Domain Mismatch" SANs = x509_1.get_ext("subjectAltName").get_value().split(",")
for s in SANs:
s = s.strip()
if s.startswith("DNS:") and s[4:] == self.domain:
validcert = True
print "Match SAN DNS"
elif s.startswith("IP:") and s[3:] == self.domain:
validcert = True
print "Match SAN IP"
elif s.startswith("email:") and s[6:] == self.domain:
validcert = True
print "Match SAN email"
except Exception, e:
print "ERROR: No SAN data"
if not validcert:
###TODO: check for wildcards
print "ERROR: Certificate Subject Domain Mismatch and SAN Mismatch"
print self.domain, x509_1.get_subject().CN print self.domain, x509_1.get_subject().CN
#return return
x509 = [] x509 = []
CA_OU = '' CA_OU = ''
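Review bot: The new SAN loop accepts an `email:` entry as a match for `self.domain`, but an rfc822Name identifies a mailbox rather than the host named in the payment request, so that `elif` branch should be dropped and only `DNS:` (plus `IP:` for literal addresses) accepted. The DNS comparison `s[4:] == self.domain` is case-sensitive while host names are not; `s[4:].lower() == self.domain.lower()` avoids false mismatches. The entries come from splitting the extension's text value on commas, presumably OpenSSL's printed form, so a name of another type whose value itself contains a comma would be split into separate entries; reading typed entries would be safer if the library exposes them. `except Exception, e` reports every failure as "No SAN data"; catching only the missing-extension error from `get_ext` would keep parse errors visible. The enclosing method starts and ends outside this hunk, so whether the chain is verified before this name check cannot be seen here.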
