tMerge pull request #677 from wozz/paymnt-update - electrum - Electrum Bitcoin wallet
---
DIR commit 78a748149c346683f33e51851c93ee9bc7596016
DIR parent f004dff9ef8d0c6b3c6a29cb79a78a1bd56a5ff4
HTML Author: ThomasV <thomasv1@gmx.de>
Date: Mon, 5 May 2014 18:14:19 +0200
Merge pull request #677 from wozz/paymnt-update
update to certificate check for Subject Alt Names
Diffstat:
M lib/paymentrequest.py | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
---
DIR diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py
t@@ -71,11 +71,27 @@ class PaymentRequest:
x509_1 = X509.load_cert_der_string(cert.certificate[0])
if self.domain != x509_1.get_subject().CN:
- ###TODO: check for subject alt names
- ### check for wildcards
- print "ERROR: Certificate Subject Domain Mismatch"
- print self.domain, x509_1.get_subject().CN
- #return
+ validcert = False
+ try:
+ SANs = x509_1.get_ext("subjectAltName").get_value().split(",")
+ for s in SANs:
+ s = s.strip()
+ if s.startswith("DNS:") and s[4:] == self.domain:
+ validcert = True
+ print "Match SAN DNS"
+ elif s.startswith("IP:") and s[3:] == self.domain:
+ validcert = True
+ print "Match SAN IP"
+ elif s.startswith("email:") and s[6:] == self.domain:
+ validcert = True
+ print "Match SAN email"
+ except Exception, e:
+ print "ERROR: No SAN data"
+ if not validcert:
+ ###TODO: check for wildcards
+ print "ERROR: Certificate Subject Domain Mismatch and SAN Mismatch"
+ print self.domain, x509_1.get_subject().CN
+ return
x509 = []
CA_OU = ''
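Review bot: The `email:` branch of the SAN loop lets an rfc822Name entry count as proof of host identity; only `DNS:` entries (and IP entries, when `self.domain` is an address literal) should be able to set `validcert`, so I would drop that `elif` and its print. The `DNS:` comparison is also case-sensitive, which fails closed but can reject a valid certificate; `if s.startswith("DNS:") and s[4:].lower() == self.domain.lower():` avoids that. Splitting the printable form returned by `get_value()` on `,` assumes no other SAN type ever renders a comma or a `DNS:`-looking substring, and the `IP:` prefix may never match if the library prints those entries as `IP Address:`; both are worth confirming against the X509 library's actual output. The enclosing method begins before and continues after this hunk, so whether callers can tell the bare `return` from success is not visible here.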