def match(self, value):
# This is somewhat terrible. Probably can be better after
# pyca/service_identity#14 is resolved.
target_ids = [
DNSPattern(target_name.encode('utf-8'))
for target_name
in (
value.extensions
.get_extension_for_oid(
ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
.value
.get_values_for_type(x509.DNSName)
)]
ids = [DNS_ID(self.name)]
try:
verify_service_identity(
cert_patterns=target_ids, obligatory_ids=ids, optional_ids=[])
except VerificationError:
return Mismatch(
'{!r} is not valid for {!r}'.format(value, self.name))
评论列表
文章目录