Issue #12000: When a SSL certificate has a subjectAltName without any dNSName entry, ssl.match_hostname() should use the subject's commonName. Patch by Nicolas Bareil.

commit: 1c86b4450689cc9ecef6c99ad8e55bae67931e59 [log] [tgz]
author: Antoine Pitrou <solipsis@pitrou.net> Fri May 06 15:19:49 2011 +0200
committer: Antoine Pitrou <solipsis@pitrou.net> Fri May 06 15:19:49 2011 +0200
tree: 93db475c6bae4a416638fa39cec89d074ae3c542
parent: 78349b06af6cabe7ff949a98fafa15d8a9c48c61 [diff] [blame]
diff --git a/Lib/ssl.py b/Lib/ssl.py
index 84aa6dc..e7c175f 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py

@@ -122,8 +122,9 @@
             if _dnsname_to_pat(value).match(hostname):
                 return
             dnsnames.append(value)
-    if not san:
-        # The subject is only checked when subjectAltName is empty
+    if not dnsnames:
+        # The subject is only checked when there is no dNSName entry
+        # in subjectAltName
         for sub in cert.get('subject', ()):
             for key, value in sub:
                 # XXX according to RFC 2818, the most specific Common Name
commit	1c86b4450689cc9ecef6c99ad8e55bae67931e59	[log] [tgz]
author	Antoine Pitrou <solipsis@pitrou.net>	Fri May 06 15:19:49 2011 +0200
committer	Antoine Pitrou <solipsis@pitrou.net>	Fri May 06 15:19:49 2011 +0200
tree	93db475c6bae4a416638fa39cec89d074ae3c542
parent	78349b06af6cabe7ff949a98fafa15d8a9c48c61 [diff] [blame]