Author ahasenack
Recipients ahasenack, gvanrossum, janssen
Date 2007-12-12.12:48:23
SpamBayes Score 0.270752
Marked as misclassified No
Message-id <1197463704.77.0.451471168005.issue1589@psf.upfronthosting.co.za>
In-reply-to
Content 
At the least it should be made clear in the documentation that the
hostname is not checked against the commonName nor the subjectAltName
fields of the server certificate. And add some sample code to the
documentation for doing a simple check. Something like this, to illustrate:

def get_subjectAltName(cert):
        if not cert.has_key('subjectAltName'):
                return []
        ret = []
        for rdn in cert['subjectAltName']:
                if rdn[0].lower() == 'dns' or rdn[0][:2].lower() == 'ip':
                        ret.append(rdn[1])
        return ret

def get_commonName(cert):
        if not cert.has_key('subject'):
                return []
        ret = []
        for rdn in cert['subject']:
                if rdn[0][0].lower() == 'commonname':
                        ret.append(rdn[0][1])
        return ret


def verify_hostname(cert, host):
        cn = get_commonName(cert)
        san = get_subjectAltName(cert)
        return (host in cn) or (host in san)
History
Date User Action Args
2007-12-12 12:48:25ahasenacksetspambayes_score: 0.270752 -> 0.270752
recipients: + ahasenack, gvanrossum, janssen
2007-12-12 12:48:24ahasenacksetspambayes_score: 0.270752 -> 0.270752
messageid: <1197463704.77.0.451471168005.issue1589@psf.upfronthosting.co.za>
2007-12-12 12:48:24ahasenacklinkissue1589 messages
2007-12-12 12:48:23ahasenackcreate