authorGeorg Brandl <georg@python.org>2013-10-27 07:46:09 +0100
committerGeorg Brandl <georg@python.org>2013-10-27 07:46:09 +0100
commitb89b5df9c9aa2e45bfffa95f5e3deb6234232c93 (patch)
treefd9bfa96b2e5cbc69acc235dd15dd682c10fc00e /Lib/test/test_ssl.py
parent68457be619b919127d0858322ce84e901fd89728 (diff)
parent045ee06ae91a1503a8d512929c54e16deabfe9a8 (diff)
merge with 3.3
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r--Lib/test/test_ssl.py38
1 files changed, 32 insertions, 6 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 2605e68cce..b1cb8c5424 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -358,11 +358,7 @@ class BasicSocketTests(unittest.TestCase):
fail(cert, 'Xa.com')
fail(cert, '.a.com')
- cert = {'subject': ((('commonName', 'a.*.com'),),)}
- ok(cert, 'a.foo.com')
- fail(cert, 'a..com')
- fail(cert, 'a.com')
-
+ # only match one left-most wildcard
cert = {'subject': ((('commonName', 'f*.com'),),)}
ok(cert, 'foo.com')
ok(cert, 'f.com')
@@ -377,6 +373,36 @@ class BasicSocketTests(unittest.TestCase):
fail(cert, 'example.org')
fail(cert, 'null.python.org')
+ # error cases with wildcards
+ cert = {'subject': ((('commonName', '*.*.a.com'),),)}
+ fail(cert, 'bar.foo.a.com')
+ fail(cert, 'a.com')
+ fail(cert, 'Xa.com')
+ fail(cert, '.a.com')
+
+ cert = {'subject': ((('commonName', 'a.*.com'),),)}
+ fail(cert, 'a.foo.com')
+ fail(cert, 'a..com')
+ fail(cert, 'a.com')
+
+ # wildcard doesn't match IDNA prefix 'xn--'
+ idna = 'püthon.python.org'.encode("idna").decode("ascii")
+ cert = {'subject': ((('commonName', idna),),)}
+ ok(cert, idna)
+ cert = {'subject': ((('commonName', 'x*.python.org'),),)}
+ fail(cert, idna)
+ cert = {'subject': ((('commonName', 'xn--p*.python.org'),),)}
+ fail(cert, idna)
+
+ # wildcard in first fragment and IDNA A-labels in sequent fragments
+ # are supported.
+ idna = 'www*.pythön.org'.encode("idna").decode("ascii")
+ cert = {'subject': ((('commonName', idna),),)}
+ ok(cert, 'www.pythön.org'.encode("idna").decode("ascii"))
+ ok(cert, 'www1.pythön.org'.encode("idna").decode("ascii"))
+ fail(cert, 'ftp.pythön.org'.encode("idna").decode("ascii"))
+ fail(cert, 'pythön.org'.encode("idna").decode("ascii"))
+
# Slightly fake real-world example
cert = {'notAfter': 'Jun 26 21:41:46 2011 GMT',
'subject': ((('commonName', 'linuxfrz.org'),),),
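Review bot: The added `xn--` cases only use the lowercase prefix on both the certificate name and the hostname, so they do not pin how a mixed-case A-label is treated. DNS labels compare case-insensitively, so an upper-cased hostname should be refused by the partial wildcard as well; adding `fail(cert, idna.upper())` right after the existing `fail(cert, idna)` for `'x*.python.org'` would cover that, and the same could be done on the pattern side with `'XN--p*.python.org'`. Every new wildcard case also goes through the commonName fallback only, so if the matcher is meant to apply the same rules to `subjectAltName` dNSName entries, one case built with a `subjectAltName` tuple would show it. The enclosing test method starts and ends outside this hunk.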
@@ -437,7 +463,7 @@ class BasicSocketTests(unittest.TestCase):
cert = {'subject': ((('commonName', 'a*b.com'),),)}
ok(cert, 'axxb.com')
cert = {'subject': ((('commonName', 'a*b.co*'),),)}
- ok(cert, 'axxb.com')
+ fail(cert, 'axxb.com')
cert = {'subject': ((('commonName', 'a*b*.com'),),)}
with self.assertRaises(ssl.CertificateError) as cm:
ssl.match_hostname(cert, 'axxbxxc.com')
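Review bot: The expectation for `'a*b.co*'` flips from `ok` to `fail` with no comment saying why, which is the security-relevant part of this hunk: a wildcard in the right-most label would otherwise let one certificate name cover hosts under unrelated top-level domains. A short comment above that case, for example `# a wildcard outside the left-most label is never expanded`, would tell the next reader that the rejection is deliberate. The surrounding test method begins before this hunk and continues past it.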