Beispiel #1
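def match_hostname(cert, hostname):
    """Verify that *cert* is valid for *hostname*; raise on mismatch.

    subjectAltName entries are consulted first: 'DNS' entries are compared
    only when *hostname* is not an IP literal, and 'IP Address' entries only
    when it is one. The subject commonName is used as a fallback only when
    the certificate carries no DNS or IP Address subjectAltName entry at all.

    Args:
        cert: Certificate object exposing ``get_subject_alt_name()`` (an
            iterable of ``(key, value)`` pairs, or a falsy value) and
            ``get_subject().commonName``.
        hostname: Host name or IP address literal to verify.

    Returns:
        None when a matching entry is found.

    Raises:
        CertificateError: If no entry matches, or if the certificate has
            neither a usable subjectAltName entry nor a commonName.
    """
    try:
        host_ip = ip_address(hostname)
    except ValueError:
        # Not an IP address (common case)
        host_ip = None

    # Every name the certificate offered, kept for the error message.
    dnsnames = []
    san = cert.get_subject_alt_name() or ()
    for key, value in san:
        if key == 'DNS':
            # A DNS entry must never satisfy an IP-literal hostname.
            if host_ip is None and _dnsname_match(value, hostname):
                return
            dnsnames.append(value)
        elif key == 'IP Address':
            if host_ip is not None and _ipaddress_match(value, host_ip):
                return
            # Recorded as well, so an IP-only SAN also disables the
            # commonName fallback below.
            dnsnames.append(value)

    if not dnsnames:
        # The subject is only checked when there is no dNSName entry in subjectAltName
        # XXX according to RFC 2818, the most specific Common Name must be used.
        # NOTE(review): RFC 6125 deprecates the commonName fallback; it is
        # also applied here when hostname is an IP literal - confirm that
        # callers still need it.
        value = cert.get_subject().commonName
        # A missing commonName must not be matched or reported as a
        # candidate name; otherwise the "no appropriate ... fields" error
        # below could never be raised.
        if value:
            if _dnsname_match(value, hostname):
                return
            dnsnames.append(value)

    if len(dnsnames) > 1:
        raise CertificateError(
            -1, "hostname %r doesn't match either of %s" %
            (hostname, ', '.join(map(repr, dnsnames))))
    elif len(dnsnames) == 1:
        raise CertificateError(
            -1, "hostname %r doesn't match %r" % (hostname, dnsnames[0]))
    else:
        raise CertificateError(
            -1, "no appropriate commonName or "
            "subjectAltName fields were found")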
Beispiel #2
 def update_event(self, inp=-1):
     """Publish ``ssl._ipaddress_match(input 0, input 1)`` on output 0.

     *inp* is accepted but not used here.

     NOTE(review): ``_ipaddress_match`` is a private helper of the ``ssl``
     module, not public API; confirm it exists on the targeted Python
     version and which argument types that version expects.
     """
     matcher = ssl._ipaddress_match
     cert_ip = self.input(0)
     host_ip = self.input(1)
     result = matcher(cert_ip, host_ip)
     self.set_output_val(0, result)