49 check(_verifycert(san_cert, 'example.com'), None) |
49 check(_verifycert(san_cert, 'example.com'), None) |
50 |
50 |
51 # Avoid some pitfalls |
51 # Avoid some pitfalls |
52 check(_verifycert(cert('*.foo'), 'foo'), |
52 check(_verifycert(cert('*.foo'), 'foo'), |
53 'certificate is for *.foo') |
53 'certificate is for *.foo') |
54 check(_verifycert(cert('*o'), 'foo'), |
54 check(_verifycert(cert('*o'), 'foo'), None) |
55 'certificate is for *o') |
|
56 |
55 |
57 check(_verifycert({'subject': ()}, |
56 check(_verifycert({'subject': ()}, |
58 'example.com'), |
57 'example.com'), |
59 'no commonName or subjectAltName found in certificate') |
58 'no commonName or subjectAltName found in certificate') |
60 check(_verifycert(None, 'example.com'), |
59 check(_verifycert(None, 'example.com'), |
80 'certificate is for *.a.com') |
79 'certificate is for *.a.com') |
81 check(_verifycert(cert('*.a.com'), 'a.com'), |
80 check(_verifycert(cert('*.a.com'), 'a.com'), |
82 'certificate is for *.a.com') |
81 'certificate is for *.a.com') |
83 check(_verifycert(cert('*.a.com'), 'Xa.com'), |
82 check(_verifycert(cert('*.a.com'), 'Xa.com'), |
84 'certificate is for *.a.com') |
83 'certificate is for *.a.com') |
85 check(_verifycert(cert('*.a.com'), '.a.com'), None) |
84 check(_verifycert(cert('*.a.com'), '.a.com'), |
|
85 'certificate is for *.a.com') |
86 |
86 |
87 # only match one left-most wildcard |
87 # only match one left-most wildcard |
88 check(_verifycert(cert('f*.com'), 'foo.com'), |
88 check(_verifycert(cert('f*.com'), 'foo.com'), None) |
89 'certificate is for f*.com') |
89 check(_verifycert(cert('f*.com'), 'f.com'), None) |
90 check(_verifycert(cert('f*.com'), 'f.com'), |
|
91 'certificate is for f*.com') |
|
92 check(_verifycert(cert('f*.com'), 'bar.com'), |
90 check(_verifycert(cert('f*.com'), 'bar.com'), |
93 'certificate is for f*.com') |
91 'certificate is for f*.com') |
94 check(_verifycert(cert('f*.com'), 'foo.a.com'), |
92 check(_verifycert(cert('f*.com'), 'foo.a.com'), |
95 'certificate is for f*.com') |
93 'certificate is for f*.com') |
96 check(_verifycert(cert('f*.com'), 'bar.foo.com'), |
94 check(_verifycert(cert('f*.com'), 'bar.foo.com'), |
134 # wildcard in first fragment and IDNA A-labels in sequent fragments |
132 # wildcard in first fragment and IDNA A-labels in sequent fragments |
135 # are supported. |
133 # are supported. |
136 idna = u'www*.pythön.org'.encode('idna').decode('ascii') |
134 idna = u'www*.pythön.org'.encode('idna').decode('ascii') |
137 check(_verifycert(cert(idna), |
135 check(_verifycert(cert(idna), |
138 u'www.pythön.org'.encode('idna').decode('ascii')), |
136 u'www.pythön.org'.encode('idna').decode('ascii')), |
139 'certificate is for www*.xn--pythn-mua.org') |
137 None) |
140 check(_verifycert(cert(idna), |
138 check(_verifycert(cert(idna), |
141 u'www1.pythön.org'.encode('idna').decode('ascii')), |
139 u'www1.pythön.org'.encode('idna').decode('ascii')), |
142 'certificate is for www*.xn--pythn-mua.org') |
140 None) |
143 check(_verifycert(cert(idna), |
141 check(_verifycert(cert(idna), |
144 u'ftp.pythön.org'.encode('idna').decode('ascii')), |
142 u'ftp.pythön.org'.encode('idna').decode('ascii')), |
145 'certificate is for www*.xn--pythn-mua.org') |
143 'certificate is for www*.xn--pythn-mua.org') |
146 check(_verifycert(cert(idna), |
144 check(_verifycert(cert(idna), |
147 u'pythön.org'.encode('idna').decode('ascii')), |
145 u'pythön.org'.encode('idna').decode('ascii')), |
227 check(_verifycert({}, 'example.com'), 'no certificate received') |
225 check(_verifycert({}, 'example.com'), 'no certificate received') |
228 |
226 |
229 # avoid denials of service by refusing more than one |
227 # avoid denials of service by refusing more than one |
230 # wildcard per fragment. |
228 # wildcard per fragment. |
231 check(_verifycert({'subject': (((u'commonName', u'a*b.com'),),)}, |
229 check(_verifycert({'subject': (((u'commonName', u'a*b.com'),),)}, |
232 'axxb.com'), 'certificate is for a*b.com') |
230 'axxb.com'), None) |
233 check(_verifycert({'subject': (((u'commonName', u'a*b.co*'),),)}, |
231 check(_verifycert({'subject': (((u'commonName', u'a*b.co*'),),)}, |
234 'axxb.com'), 'certificate is for a*b.co*') |
232 'axxb.com'), 'certificate is for a*b.co*') |
235 check(_verifycert({'subject': (((u'commonName', u'a*b*.com'),),)}, |
233 check(_verifycert({'subject': (((u'commonName', u'a*b*.com'),),)}, |
236 'axxbxxc.com'), 'certificate is for a*b*.com') |
234 'axxbxxc.com'), |
|
235 'too many wildcards in certificate DNS name: a*b*.com') |
237 |
236 |
238 def test_url(): |
237 def test_url(): |
239 """ |
238 """ |
240 >>> from mercurial.util import url |
239 >>> from mercurial.util import url |
241 |
240 |