From: Roger A. Light
Date: Tue, 13 Jan 2015 00:25:34 +0000 (+0000)
Subject: [440547] Add support for wildcard certificates.
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=7a2b6ff73575b5953ac8d9579f7936206c198acf;p=packages%2Fp%2Fpaho-mqtt.git
[440547] Add support for wildcard certificates.
Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=440547
Change-Id: I681f8f67fcd476b70825146416886562369fee0e
---
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 6e1886a..462abf8 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,9 @@
+v1.1 - 2015-01-30
+=================
+
+- Add support for wildcard certificates. Closes #440547.
+
+
 v1.0.2 - 2014-09-13
 ===================
diff --git a/src/paho/mqtt/client.py b/src/paho/mqtt/client.py
index 72c5505..096aec8 100755
--- a/src/paho/mqtt/client.py
+++ b/src/paho/mqtt/client.py
@@ -2277,6 +2277,23 @@ class Client(object):
 self.loop_forever()
+ def _host_matches_cert(self, host, cert_host):
+ if cert_host[0:2] == "*.":
+ if cert_host.count("*") != 1:
+ return False
+
+ host_match = host.split(".", 1)[1]
+ cert_match = cert_host.split(".", 1)[1]
+ if host_match == cert_match:
+ return True
+ else:
+ return False
+ else:
+ if host == cert_host:
+ return True
+ else:
+ return False
+
 def _tls_match_hostname(self):
 cert = self._ssl.getpeercert()
 san = cert.get('subjectAltName')
@@ -2285,7 +2302,7 @@ class Client(object):
 for (key, value) in san:
 if key == 'DNS':
 have_san_dns = True
- if value.lower() == self._host.lower():
+ if self._host_matches_cert(self._host.lower(), value.lower()) == True:
 return
 if key == 'IP Address':
 have_san_dns = True
@@ -2299,7 +2316,7 @@ class Client(object):
 if subject:
 for ((key, value),) in subject:
 if key == 'commonName':
- if value.lower() == self._host.lower():
+ if self._host_matches_cert(self._host.lower(), value.lower()) == True:
 return
 raise ssl.SSLError('Certificate subject does not match remote hostname.')
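Review bot: In the new `_host_matches_cert` (hunk @@ -2277,6 +2277,23 @@), `host.split(".", 1)[1]` raises IndexError when the host contains no dot and the certificate name is a wildcard, so the caller fails with an unexpected exception instead of the `ssl.SSLError` that `_tls_match_hostname` raises for a mismatch. The wildcard branch also compares only the text after the first dot, so a name such as `*.com` is accepted for every host under that suffix, and a host whose left-most label is empty still matches. Both cases should return False; if single-label internal suffixes must keep working, the two-label requirement in the sketch below can be dropped. The helper also has no docstring stating that only a single leading `*.` label is honoured.

```python
    def _host_matches_cert(self, host, cert_host):
        """Return True if host matches cert_host, honouring one leading "*." label."""
        if cert_host[0:2] != "*.":
            return host == cert_host
        if cert_host.count("*") != 1:
            return False

        host_label, dot, host_rest = host.partition(".")
        cert_rest = cert_host[2:]
        # The wildcard stands for exactly one non-empty label and must be
        # followed by at least two labels, so "*.com" never matches.
        if not host_label or not dot or "." not in cert_rest:
            return False
        return host_rest == cert_rest
```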
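Review bot: The `== True` comparison on the result of `_host_matches_cert` in the `DNS` branch (hunk @@ -2285,7 +2302,7 @@) is redundant, because every path of the helper already returns a boolean. `if self._host_matches_cert(self._host.lower(), value.lower()):` reads more directly and does not depend on the helper returning the exact `True` object. The `commonName` branch in hunk @@ -2299,7 +2316,7 @@ has the same form. `_tls_match_hostname` starts and ends outside this hunk.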
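Review bot: The `commonName` fallback (hunk @@ -2299,7 +2316,7 @@) now goes through wildcard matching, and nothing visible in this hunk stops that from applying when `self._host` is an IP address literal. A dotted address is split at its first dot like a hostname, so a wildcard name could match it; the `DNS` branch in hunk @@ -2285,7 +2302,7 @@ has the same exposure. Wildcard handling should be limited to DNS names, for example by falling back to exact comparison when the host parses as an address. Where the runtime provides it, `SSLContext.check_hostname` lets the ssl module do this verification instead. The conditions guarding this fallback lie outside the hunk, so whether it is reached only for certificates without SAN entries cannot be confirmed from here.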