diff options
author | Christian Heimes <christian@python.org> | 2016-09-06 23:25:35 +0200 |
---|---|---|
committer | Christian Heimes <christian@python.org> | 2016-09-06 23:25:35 +0200 |
commit | 0e0c9096e87a3631b9d96eef406d3737d176631c (patch) | |
tree | 9285afd53cf47d7d8678e5cd224c120d5ffd4ecb /Lib/test/test_ssl.py | |
parent | a8a6bb82c36880ddea2a136b40d7ccc56a3a4d59 (diff) | |
download | cpython-0e0c9096e87a3631b9d96eef406d3737d176631c.tar.gz |
Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs.
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r-- | Lib/test/test_ssl.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 79e26ba45b..0f4faa09bd 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -57,6 +57,8 @@ CRLFILE = data_file("revocation.crl") SIGNED_CERTFILE = data_file("keycert3.pem") SIGNED_CERTFILE2 = data_file("keycert4.pem") SIGNING_CA = data_file("pycacert.pem") +# cert with all kinds of subject alt names +ALLSANFILE = data_file("allsans.pem") REMOTE_HOST = "self-signed.pythontest.net" REMOTE_ROOT_CERT = data_file("selfsigned_pythontestdotnet.pem") @@ -279,6 +281,27 @@ class BasicSocketTests(unittest.TestCase): self.assertEqual(p['subjectAltName'], san) + def test_parse_all_sans(self): + p = ssl._ssl._test_decode_cert(ALLSANFILE) + self.assertEqual(p['subjectAltName'], + ( + ('DNS', 'allsans'), + ('othername', '<unsupported>'), + ('othername', '<unsupported>'), + ('email', 'user@example.org'), + ('DNS', 'www.example.org'), + ('DirName', + ((('countryName', 'XY'),), + (('localityName', 'Castle Anthrax'),), + (('organizationName', 'Python Software Foundation'),), + (('commonName', 'dirname example'),))), + ('URI', 'https://www.python.org/'), + ('IP Address', '127.0.0.1'), + ('IP Address', '0:0:0:0:0:0:0:1\n'), + ('Registered ID', '1.2.3.4.5') + ) + ) + def test_DER_to_PEM(self): with open(CAFILE_CACERT, 'r') as f: pem = f.read() |