def _match_subject_ip(cert, subject_ip, compare_func=operator.eq):
    """Verify that *subject_ip* is listed in the certificate's subjectAltName.

    The IPAddress entries of the subjectAltName extension are compared one
    by one against the parsed *subject_ip*. The function returns ``None`` on
    the first match and raises otherwise, so a certificate without a
    matching entry is never silently accepted.

    Args:
        cert: Certificate object exposing
            ``extensions.get_extension_for_oid``.
        subject_ip: The address the peer is expected to present; it is
            parsed with ``ipaddress.ip_address`` before comparison.
        compare_func: Called as ``compare_func(san_ip, subject_ip)``; any
            truthy result counts as a match. The default is exact equality.
            A looser comparison widens the set of addresses the certificate
            is accepted for, so callers should pass one deliberately.

    Raises:
        InvalidCertificate: No IPAddress entry matched, or the extension
            carries no IPAddress entries at all.
        ValueError: *subject_ip* is not a valid IP address (raised by
            ``ipaddress.ip_address``).
    """
    # NOTE(review): the extension lookup is not guarded here. If ``cert`` is
    # a ``cryptography`` certificate, a missing subjectAltName extension
    # presumably surfaces as ``x509.ExtensionNotFound`` rather than
    # InvalidCertificate - confirm callers treat that as a failed match too.
    san_extension = cert.extensions.get_extension_for_oid(
        ExtensionOID.SUBJECT_ALTERNATIVE_NAME
    )
    ips = san_extension.value.get_values_for_type(x509.IPAddress)
    expected = ipaddress.ip_address(subject_ip)

    # Stop at the first entry the comparison accepts.
    for candidate in ips:
        if compare_func(candidate, expected):
            return

    # Nothing matched: pick the message by how many entries were offered.
    entry_count = len(ips)
    if entry_count == 0:
        raise InvalidCertificate("No appropriate subjectAltName IPAddress fields were found")
    if entry_count == 1:
        raise InvalidCertificate("Subject ip %s doesn't match %s" % (expected, ips[0]))
    listed = ', '.join(map(repr, ips))
    raise InvalidCertificate("Subject ip %s doesn't match either of %s" % (expected, listed))