o À\"ã@s¶dZddlmZmZmZddlZddlZddlmZddl m Z ddl m Z ddl mZdd lmZmZmZmZmZmZmZmZdd lmZd gZd d „Zd d„Ze dƒZdd„ZdS)zA `pyOpenSSL `_-specific code. é)Úabsolute_importÚdivisionÚprint_functionN)Údecode)Ú IA5String)ÚObjectIdentifier)Ú GeneralNamesé)ÚDNS_IDÚCertificateErrorÚ DNSPatternÚ IPAddress_IDÚIPAddressPatternÚ SRVPatternÚ URIPatternÚverify_service_identity)ÚSubjectAltNameWarningÚverify_hostnamecCó tt| ¡ƒt|ƒggddS)a? Verify whether the certificate of *connection* is valid for *hostname*. :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object. :param unicode hostname: The hostname that *connection* should be connected to. :raises service_identity.VerificationError: If *connection* does not provide a certificate that is valid for *hostname*. :raises service_identity.CertificateError: If the certificate chain of *connection* contains a certificate that contains invalid/unexpected data. :returns: ``None`` ©Z cert_patternsZobligatory_idsZ optional_idsN)rÚ extract_idsÚget_peer_certificater )Ú connectionZhostname©rú„s  ÿÿzextract_ids..s cSsg|]}t|ƒ‘qSr)r rrrrrˆszîCertificate with CN '%s' has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. service_identity will remove the support for it in mid-2018.zutf-8é)Ú stacklevel)ÚsixZmovesÚrangeZget_extension_countZ get_extensionZget_short_namerÚget_datarZgetNameÚappendr Z getComponentZasOctetsrÚ from_bytesrZgetComponentByPositionÚ ID_ON_DNS_SRVÚ isinstancerrr Z get_subjectZget_componentsÚnextÚiterÚwarningsÚwarnr) ZcertZidsÚiÚextÚnamesÚ_ÚnZ name_stringÚcompZoidZsrvZ componentsZcnrrrrSsX    ÿÿ  ÿ€ ÿ üù r)Ú__doc__Z __future__rrrr+r"Zpyasn1.codec.der.decoderrZpyasn1.type.charrZpyasn1.type.univrZpyasn1_modules.rfc2459rZ_commonr r r r rrrrÚ exceptionsrÚ__all__rrr'rrrrrÚs    (