From: Roger Light <roger@atchoo.org>
Date: Sat, 7 Dec 2013 23:20:08 +0000 (+0000)
Subject: Fix TLS subjectAltName verification.
X-Git-Tag: v0.9~47
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=f1b3b685c57f27979fc1363de8098b5973073d68;p=packages%2Fp%2Fpaho-mqtt.git

Fix TLS subjectAltName verification.
---

diff --git a/src/paho/mqtt/client.py b/src/paho/mqtt/client.py
index f3fd15d..1a72c79 100755
--- a/src/paho/mqtt/client.py
+++ b/src/paho/mqtt/client.py
@@ -2008,7 +2008,11 @@ class Client:
             for ((key,value),) in san:
                 if key == 'DNS':
                     have_san_dns = True
-                    if value == self._host:
+                    if value.lower() == self._host.lower():
+                        return
+                if key == 'IP Address':
+                    have_san_dns = True
+                    if value.lower() == self._host.lower():
                         return
 
             if have_san_dns:
@@ -2018,7 +2022,7 @@ class Client:
         if subject:
             for ((key,value),) in subject:
                 if key == 'commonName':
-                    if value == self._host:
+                    if value.lower() == self._host.lower():
                         return
 
         raise ssl.SSLError('Certificate subject does not match remote hostname.')