Fix TLS subjectAltName verification.

author Roger Light <roger@atchoo.org>

Sat, 7 Dec 2013 23:20:08 +0000 (23:20 +0000)

committer Roger Light <roger@atchoo.org>

Mon, 3 Feb 2014 21:20:22 +0000 (21:20 +0000)
author Roger Light <roger@atchoo.org>
Sat, 7 Dec 2013 23:20:08 +0000 (23:20 +0000)
committer Roger Light <roger@atchoo.org>
Mon, 3 Feb 2014 21:20:22 +0000 (21:20 +0000)
diff --git a/src/paho/mqtt/client.py b/src/paho/mqtt/client.py

index f3fd15dfbac201d7cf63c26e950fb27c4887ae60..1a72c7967720a9c116f09e55c1275fc15a01137f 100755 (executable)
--- a/src/paho/mqtt/client.py
+++ b/src/paho/mqtt/client.py
@@ -2008,7 +2008,11 @@ class Client:
              for ((key,value),) in san:
                  if key == 'DNS':
                      have_san_dns = True
-                    if value == self._host:
+                    if value.lower() == self._host.lower():
+                        return
+                if key == 'IP Address':
+                    have_san_dns = True
+                    if value.lower() == self._host.lower():
                          return
  
              if have_san_dns:
@@ -2018,7 +2022,7 @@ class Client:
          if subject:
              for ((key,value),) in subject:
                  if key == 'commonName':
-                    if value == self._host:
+                    if value.lower() == self._host.lower():
                          return
  
          raise ssl.SSLError('Certificate subject does not match remote hostname.')
author	Roger Light <roger@atchoo.org>
	Sat, 7 Dec 2013 23:20:08 +0000 (23:20 +0000)
committer	Roger Light <roger@atchoo.org>
	Mon, 3 Feb 2014 21:20:22 +0000 (21:20 +0000)