mercurial-scm/hg: tests/test-url.py comparison

comparison tests/test-url.py @ 13249:75d0c38a0bca stable

url: check subjectAltName when verifying ssl certificate Now it verifies certificate in the same manner as py3k implementation: http://svn.python.org/view/python/branches/py3k/Lib/ssl.py?view=markup#match_hostname

author	Yuya Nishihara <yuya@tcha.org>
date	Sun, 09 Jan 2011 00:35:36 +0900
parents	00411a4fa1bb
children	4e8f2310f310

comparison

equal deleted inserted replaced

-:00411a4fa1bb
+:75d0c38a0bca
 check(_verifycert(cert('*.example.com'), 'example.com'),
 'certificate is for *.example.com')
 check(_verifycert(cert('*.example.com'), 'w.w.example.com'),
 'certificate is for *.example.com')
+# Test subjectAltName
+san_cert = {'subject': ((('commonName', 'example.com'),),),
+'subjectAltName': (('DNS', '*.example.net'),
+('DNS', 'example.net'))}
+check(_verifycert(san_cert, 'example.net'),
+None)
+check(_verifycert(san_cert, 'foo.example.net'),
+None)
+# subject is only checked when subjectAltName is empty
+check(_verifycert(san_cert, 'example.com'),
+'certificate is for *.example.net, example.net')
 # Avoid some pitfalls
 check(_verifycert(cert('*.foo'), 'foo'),
 'certificate is for *.foo')
 check(_verifycert(cert('*o'), 'foo'),
 'certificate is for *o')
 check(_verifycert({'subject': ()},
 'example.com'),
-'no commonName found in certificate')
+'no commonName or subjectAltName found in certificate')
 check(_verifycert(None, 'example.com'),
 'no certificate received')
 # Unicode (IDN) certname isn't supported
 check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),

Mercurial > public > mercurial-scm > hg

comparison tests/test-url.py @ 13249:75d0c38a0bca stable