31 ('DNS', 'example.net'))} |
31 ('DNS', 'example.net'))} |
32 check(_verifycert(san_cert, 'example.net'), |
32 check(_verifycert(san_cert, 'example.net'), |
33 None) |
33 None) |
34 check(_verifycert(san_cert, 'foo.example.net'), |
34 check(_verifycert(san_cert, 'foo.example.net'), |
35 None) |
35 None) |
36 # subject is only checked when subjectAltName is empty |
36 # no fallback to subject commonName when subjectAltName has DNS |
37 check(_verifycert(san_cert, 'example.com'), |
37 check(_verifycert(san_cert, 'example.com'), |
38 'certificate is for *.example.net, example.net') |
38 'certificate is for *.example.net, example.net') |
|
39 # fallback to subject commonName when no DNS in subjectAltName |
|
40 san_cert = {'subject': ((('commonName', 'example.com'),),), |
|
41 'subjectAltName': (('IP Address', '8.8.8.8'),)} |
|
42 check(_verifycert(san_cert, 'example.com'), None) |
39 |
43 |
40 # Avoid some pitfalls |
44 # Avoid some pitfalls |
41 check(_verifycert(cert('*.foo'), 'foo'), |
45 check(_verifycert(cert('*.foo'), 'foo'), |
42 'certificate is for *.foo') |
46 'certificate is for *.foo') |
43 check(_verifycert(cert('*o'), 'foo'), |
47 check(_verifycert(cert('*o'), 'foo'), |
46 check(_verifycert({'subject': ()}, |
50 check(_verifycert({'subject': ()}, |
47 'example.com'), |
51 'example.com'), |
48 'no commonName or subjectAltName found in certificate') |
52 'no commonName or subjectAltName found in certificate') |
49 check(_verifycert(None, 'example.com'), |
53 check(_verifycert(None, 'example.com'), |
50 'no certificate received') |
54 'no certificate received') |
|
55 |
|
56 # Unicode (IDN) certname isn't supported |
|
57 check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), |
|
58 'IDN in certificate not supported') |
51 |
59 |
52 import doctest |
60 import doctest |
53 |
61 |
54 def test_url(): |
62 def test_url(): |
55 """ |
63 """ |