vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #2315 from coreos-inc/ssl-wildcard-branches

Browse source 
DNS name check got reversed; breaks wildcards
This commit is contained in:
josephschorr 2017-01-29 11:54:57 -05:00 committed by GitHub
commit 55773a9c13
2 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
test/test_ssl_util.py
View file

@ -64,6 +64,19 @@ class TestSSLCertificate(unittest.TestCase):
for name in cert.names: for name in cert.names:
self.assertTrue(cert.matches_name(name)) self.assertTrue(cert.matches_name(name))
def test_wildcard_hostnames(self):
(public_key_data, _) = generate_test_cert(hostname='foo', san_list=['DNS:*.bar'])
cert = load_certificate(public_key_data)
self.assertEquals(set(['foo', '*.bar']), cert.names)
for name in cert.names:
self.assertTrue(cert.matches_name(name))
self.assertTrue(cert.matches_name('something.bar'))
self.assertTrue(cert.matches_name('somethingelse.bar'))
self.assertTrue(cert.matches_name('cool.bar'))
self.assertFalse(cert.matches_name('*'))
def test_nondns_hostnames(self): def test_nondns_hostnames(self):
(public_key_data, _) = generate_test_cert(hostname='foo', san_list=['URI:yarg']) (public_key_data, _) = generate_test_cert(hostname='foo', san_list=['URI:yarg'])
cert = load_certificate(public_key_data) cert = load_certificate(public_key_data)

2
util/security/ssl.py
View file

@ -45,7 +45,7 @@ class SSLCertificate(object):
def matches_name(self, check_name): def matches_name(self, check_name):
""" Returns true if this SSL certificate matches the given DNS hostname. """ """ Returns true if this SSL certificate matches the given DNS hostname. """
for dns_name in self.names: for dns_name in self.names:
if fnmatch(dns_name, check_name): if fnmatch(check_name, dns_name):
return True return True
return False return False