bpo-23033: Improve SSL Certificate handling (GH-937) · python/cpython@ede2ac9 (original) (raw)

`@@ -512,10 +512,11 @@ def fail(cert, hostname):

`

512

512

`fail(cert, 'Xa.com')

`

513

513

`fail(cert, '.a.com')

`

514

514

``

515

``

`-

only match one left-most wildcard

`

``

515

`+

only match wildcards when they are the only thing

`

``

516

`+

in left-most segment

`

516

517

`cert = {'subject': ((('commonName', 'f*.com'),),)}

`

517

``

`-

ok(cert, 'foo.com')

`

518

``

`-

ok(cert, 'f.com')

`

``

518

`+

fail(cert, 'foo.com')

`

``

519

`+

fail(cert, 'f.com')

`

519

520

`fail(cert, 'bar.com')

`

520

521

`fail(cert, 'foo.a.com')

`

521

522

`fail(cert, 'bar.foo.com')

`
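Review bot: The flipped assertions `fail(cert, 'foo.com')` and `fail(cert, 'f.com')` pin only that matching fails, not why. If `f*.com` is now rejected as a pattern, the three unchanged calls after them (`bar.com`, `foo.a.com`, `bar.foo.com`) fail for any hostname and no longer exercise the matcher. The body of `fail` is outside the hunk, so this is inferred; if it checks only the exception type, an assertion on the error text for the partial-wildcard case would distinguish a deliberate rejection from an unrelated one. The same applies to the `www*` assertions in the second hunk and to `a*b.com` in the third. The visible cases also cover only `commonName`; a case such as `cert = {'subject': (), 'subjectAltName': (('DNS', 'f*.com'),)}` followed by `fail(cert, 'foo.com')` would pin the same rule for SAN entries.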

`@@ -552,8 +553,8 @@ def fail(cert, hostname):

`

552

553

`# are supported.

`

553

554

`idna = 'www*.pythön.org'.encode("idna").decode("ascii")

`

554

555

`cert = {'subject': ((('commonName', idna),),)}

`

555

``

`-

ok(cert, 'www.pythön.org'.encode("idna").decode("ascii"))

`

556

``

`-

ok(cert, 'www1.pythön.org'.encode("idna").decode("ascii"))

`

``

556

`+

fail(cert, 'www.pythön.org'.encode("idna").decode("ascii"))

`

``

557

`+

fail(cert, 'www1.pythön.org'.encode("idna").decode("ascii"))

`

557

558

`fail(cert, 'ftp.pythön.org'.encode("idna").decode("ascii"))

`

558

559

`fail(cert, 'pythön.org'.encode("idna").decode("ascii"))

`

559

560

``
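Review bot: The context comment ending in `# are supported.` is left unchanged, yet every assertion under it in this hunk is now `fail`, so the comment contradicts the test. The comment starts above the hunk and its first line is not visible, but the closing words should at least change, for example to `# are rejected: a wildcard must be the entire left-most label.`. Stale wording here matters because readers take this test as the reference for which wildcard forms hostname verification accepts.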

`@@ -637,7 +638,7 @@ def fail(cert, hostname):

`

637

638

`# Issue #17980: avoid denials of service by refusing more than one

`

638

639

`# wildcard per fragment.

`

639

640

`cert = {'subject': ((('commonName', 'a*b.com'),),)}

`

640

``

`-

ok(cert, 'axxb.com')

`

``

641

`+

fail(cert, 'axxb.com')

`

641

642

`cert = {'subject': ((('commonName', 'ab.co'),),)}

`

642

643

`fail(cert, 'axxb.com')

`

643

644

`cert = {'subject': ((('commonName', 'ab.com'),),)}

`
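Review bot: `fail(cert, 'axxb.com')` for the `a*b.com` pattern still sits under the Issue #17980 comment about refusing more than one wildcard per fragment. That pattern has a single wildcard, so it is presumably rejected as a partial wildcard rather than by the denial-of-service guard. A one-line comment above the `cert` line, such as `# a single partial wildcard is rejected as well`, would stop readers from assuming this case covers the multi-wildcard limit. The multi-wildcard case is not visible in this hunk, so check the surrounding function to confirm it still has its own assertion.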