commit 292a68fc23d1b611f2cb5e31438ef4593070d03d parent 37e2c671e492137e18b57b780f1475cf0981ebc8 Author: Björn Wärmedal <bjorn.warmedal@storytel.com> Date: Wed, 6 Oct 2021 11:07:08 +0200 Removed a bunch of unnecessary certificate checks. Diffstat:
M | av98.py | | | 26 | -------------------------- |
1 file changed, 0 insertions(+), 26 deletions(-)
diff --git a/av98.py b/av98.py
@@ -775,32 +775,6 @@ you'll be able to transparently follow links to Gopherspace!""")
 # the standard ssl library...
 c = x509.load_der_x509_certificate(cert, _BACKEND)
- # Check certificate validity dates
- if c.not_valid_before >= now:
- raise CertificateError("Certificate not valid until: {}!".format(c.not_valid_before))
- elif c.not_valid_after <= now:
- raise CertificateError("Certificate expired as of: {})!".format(c.not_valid_after))
-
- # Check certificate hostnames
- names = []
- common_name = c.subject.get_attributes_for_oid(x509.oid.NameOID.COMMON_NAME)
- if common_name:
- names.append(common_name[0].value)
- try:
- names.extend([alt.value for alt in c.extensions.get_extension_for_oid(x509.oid.ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value])
- except x509.ExtensionNotFound:
- pass
- names = set(names)
- for name in names:
- try:
- ssl._dnsname_match(name, host)
- break
- except CertificateError:
- continue
- else:
- # If we didn't break out, none of the names were valid
- raise CertificateError("Hostname does not match certificate common name or any alternative names.")
-
 sha = hashlib.sha256()
 sha.update(cert)
 fingerprint = sha.hexdigest()