--- a/tests/test-url.py Sat Jan 08 21:52:25 2011 +0900
+++ b/tests/test-url.py Sun Jan 09 00:35:36 2011 +0900
@@ -25,6 +25,18 @@
check(_verifycert(cert('*.example.com'), 'w.w.example.com'),
'certificate is for *.example.com')
+# Test subjectAltName
+san_cert = {'subject': ((('commonName', 'example.com'),),),
+ 'subjectAltName': (('DNS', '*.example.net'),
+ ('DNS', 'example.net'))}
+check(_verifycert(san_cert, 'example.net'),
+ None)
+check(_verifycert(san_cert, 'foo.example.net'),
+ None)
+# subject is only checked when subjectAltName is empty
+check(_verifycert(san_cert, 'example.com'),
+ 'certificate is for *.example.net, example.net')
+
# Avoid some pitfalls
check(_verifycert(cert('*.foo'), 'foo'),
'certificate is for *.foo')
@@ -33,7 +45,7 @@
check(_verifycert({'subject': ()},
'example.com'),
- 'no commonName found in certificate')
+ 'no commonName or subjectAltName found in certificate')
check(_verifycert(None, 'example.com'),
'no certificate received')