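def test_check_cert_dns_name_CN_differ_SAN(self):
    """Check DNS-name validation when the CN and the SAN entries disagree.

    The fixture certificate contains
        CN:  *.vbox.local
        DNS: bad.*.vbox.local, *.example.com
    The expectations below only pass if the DNS (subjectAltName) entries
    decide the outcome and the CN is not used as a fallback.
    """
    certfile = os.path.join(os.path.dirname(__file__), "data",
                            'cert-with-key-CNdifferSAN.pem')
    with open(certfile, 'rb') as f:
        pem_contents = f.read()
    cert = x509.load_pem_x509_certificate(pem_contents, default_backend())

    # domain matches CN, but does not match any of the DNS names.
    # 'bad.*.vbox.local' carries its wildcard in a non-leftmost label and
    # must not be accepted as covering vbox.local.
    result = cert_api._check_cert_dns_name(cert, 'vbox.local')
    self.assertIn("doesn't match", str(result))

    # domain matches one of the DNS names, but not the CN
    result = cert_api._check_cert_dns_name(cert, 'example.com')
    self.assertTrue(result)
    # assertTrue alone is also satisfied by any non-empty error value,
    # which is how the rejections in this test appear to be reported, so
    # rule the mismatch message out explicitly.
    self.assertNotIn("doesn't match", str(result))

    # A name one label below a CN/SAN wildcard is a different domain and
    # must be rejected.
    result = cert_api._check_cert_dns_name(cert, 'a.vbox.local')
    self.assertIn("doesn't match", str(result))

    result = cert_api._check_cert_dns_name(cert, 'x.example.com')
    self.assertIn("doesn't match", str(result))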
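def test_check_cert_dns_name_valid_SAN(self):
    """Check DNS-name validation when the CN and the SAN entry agree.

    The fixture certificate contains
        CN:  *.vbox.local
        DNS: *.vbox.local
    Only the domain covered by that wildcard may be accepted.
    """
    certfile = os.path.join(os.path.dirname(__file__), "data",
                            'cert-with-key-SAN.pem')
    with open(certfile, 'rb') as f:
        pem_contents = f.read()
    cert = x509.load_pem_x509_certificate(pem_contents, default_backend())

    # Accepted: the wildcard DNS entry covers this domain.
    result = cert_api._check_cert_dns_name(cert, 'vbox.local')
    self.assertTrue(result)
    # assertTrue alone is also satisfied by any non-empty error value,
    # which is how the rejections in this test appear to be reported, so
    # rule the mismatch message out explicitly.
    self.assertNotIn("doesn't match", str(result))

    # Rejected: an unrelated domain.
    result = cert_api._check_cert_dns_name(cert, 'domain.org')
    self.assertIn("doesn't match", str(result))

    # Rejected: a name one label below the wildcard's domain.
    result = cert_api._check_cert_dns_name(cert, 'lab.vbox.local')
    self.assertIn("doesn't match", str(result))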