23 check(_verifycert(cert('*.example.com'), 'example.com'), |
23 check(_verifycert(cert('*.example.com'), 'example.com'), |
24 'certificate is for *.example.com') |
24 'certificate is for *.example.com') |
25 check(_verifycert(cert('*.example.com'), 'w.w.example.com'), |
25 check(_verifycert(cert('*.example.com'), 'w.w.example.com'), |
26 'certificate is for *.example.com') |
26 'certificate is for *.example.com') |
27 |
27 |
|
28 # Test subjectAltName |
|
29 san_cert = {'subject': ((('commonName', 'example.com'),),), |
|
30 'subjectAltName': (('DNS', '*.example.net'), |
|
31 ('DNS', 'example.net'))} |
|
32 check(_verifycert(san_cert, 'example.net'), |
|
33 None) |
|
34 check(_verifycert(san_cert, 'foo.example.net'), |
|
35 None) |
|
36 # subject is only checked when subjectAltName is empty |
|
37 check(_verifycert(san_cert, 'example.com'), |
|
38 'certificate is for *.example.net, example.net') |
|
39 |
28 # Avoid some pitfalls |
40 # Avoid some pitfalls |
29 check(_verifycert(cert('*.foo'), 'foo'), |
41 check(_verifycert(cert('*.foo'), 'foo'), |
30 'certificate is for *.foo') |
42 'certificate is for *.foo') |
31 check(_verifycert(cert('*o'), 'foo'), |
43 check(_verifycert(cert('*o'), 'foo'), |
32 'certificate is for *o') |
44 'certificate is for *o') |
33 |
45 |
34 check(_verifycert({'subject': ()}, |
46 check(_verifycert({'subject': ()}, |
35 'example.com'), |
47 'example.com'), |
36 'no commonName found in certificate') |
48 'no commonName or subjectAltName found in certificate') |
37 check(_verifycert(None, 'example.com'), |
49 check(_verifycert(None, 'example.com'), |
38 'no certificate received') |
50 'no certificate received') |
39 |
51 |
40 # Unicode (IDN) certname isn't supported |
52 # Unicode (IDN) certname isn't supported |
41 check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), |
53 check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), |