OwlCyberSecurity - MANAGER
Edit File: pyopenssl.pyc
� V��ac @` s� d Z d d l m Z m Z m Z d d l Z d d l Z d d l m Z d d l m Z d d l m Z d d l m Z d d l m Z m Z m Z m Z m Z m Z m Z m Z d d l m Z d g Z d � Z d � Z e d � Z d � Z d S( sA `pyOpenSSL <https://github.com/pyca/pyopenssl>`_-specific code. i ( t absolute_importt divisiont print_functionN( t decode( t IA5String( t ObjectIdentifier( t GeneralNamesi ( t DNS_IDt CertificateErrort DNSPatternt IPAddress_IDt IPAddressPatternt SRVPatternt URIPatternt verify_service_identity( t SubjectAltNameWarningt verify_hostnamec C` s2 t d t | j � � d t | � g d g � d S( s? Verify whether the certificate of *connection* is valid for *hostname*. :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object. :param unicode hostname: The hostname that *connection* should be connected to. :raises service_identity.VerificationError: If *connection* does not provide a certificate that is valid for *hostname*. :raises service_identity.CertificateError: If the certificate chain of *connection* contains a certificate that contains invalid/unexpected data. :returns: ``None`` t cert_patternst obligatory_idst optional_idsN( R t extract_idst get_peer_certificateR ( t connectiont hostname( ( s] /opt/cpanel-ccs/.develop/virtualenv/lib/python2.7/site-packages/service_identity/pyopenssl.pyR s c C` s2 t d t | j � � d t | � g d g � d S( s� Verify whether the certificate of *connection* is valid for *ip_address*. :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object. :param unicode ip_address: The IP address that *connection* should be connected to. Can be an IPv4 or IPv6 address. :raises service_identity.VerificationError: If *connection* does not provide a certificate that is valid for *ip_address*. :raises service_identity.CertificateError: If the certificate chain of *connection* contains a certificate that contains invalid/unexpected data. :returns: ``None`` .. versionadded:: 18.1.0 R R R N( R R R R ( R t ip_address( ( s] /opt/cpanel-ccs/.develop/virtualenv/lib/python2.7/site-packages/service_identity/pyopenssl.pyt verify_ip_address7 s s 1.3.6.1.5.5.7.8.7c C` sC g } x�t j j | j � � D]�} | j | � } | j � d k r t | j � d t � �\ } } x5| D]*} | j � } | d k r� | j t | j � j � � � qn | d k r� | j t j | j � j � � � qn | d k r | j t | j � j � � � qn | d k rn | j � } | j d � } | t k r�t | j d � � \ } } t | t � r�| j t | j � � � q�t d � � q�qn qn Wq q W| s?g | j � j � D] } | d d k r�| d ^ q�} t t | � d � } g | D] } t | � ^ q�} t j d | j d � f t d d �n | S( s Extract all valid IDs from a certificate for service verification. If *cert* doesn't contain any identifiers, the ``CN``s are used as DNS-IDs as fallback. :param OpenSSL.SSL.X509 cert: The certificate to be dissected. :return: List of IDs. t subjectAltNamet asn1Spect dNSNamet iPAddresst uniformResourceIdentifiert otherNamei i s Unexpected certificate content.t CNs <not given>s� Certificate with CN '%s' has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. service-identity will remove the support for it in mid-2018.s utf-8t stackleveli ( t sixt movest ranget get_extension_countt get_extensiont get_short_nameR t get_dataR t getNamet appendR t getComponentt asOctetsR t from_bytesR t getComponentByPositiont ID_ON_DNS_SRVt isinstanceR R R t get_subjectt get_componentst nextt itert warningst warnR ( t certt idst it extt namest _t nt name_stringt compt oidt srvt ct componentst cn( ( s] /opt/cpanel-ccs/.develop/virtualenv/lib/python2.7/site-packages/service_identity/pyopenssl.pyR S sH ! ""9 ( t __doc__t __future__R R R R5 R"