Add test for match_hostname.

urllib3 · Apr 21, 2021 · 975f7ae · 975f7ae
1 parent a47fe23
commit 975f7ae
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/test/test_connection.py b/test/test_connection.py
@@ -47,6 +47,36 @@ def test_match_hostname_mismatch(self):
             )
             assert e._peer_cert == cert
 
+    def test_match_hostname_no_dns(self):
+        cert = {"subjectAltName": [("DNS", "")]}
+        asserted_hostname = "bar"
+        try:
+            with mock.patch("urllib3.connection.log.warning") as mock_log:
+                _match_hostname(cert, asserted_hostname)
+        except CertificateError as e:
+            assert "hostname 'bar' doesn't match ''" in str(e)
+            mock_log.assert_called_once_with(
+                "Certificate did not match expected hostname: %s. Certificate: %s",
+                "bar",
+                {"subjectAltName": [("DNS", "")]},
+            )
+            assert e._peer_cert == cert
+
+    def test_match_hostname_startwith_wildcard(self):
+        cert = {"subjectAltName": [("DNS", "*")]}
+        asserted_hostname = "foo"
+        _match_hostname(cert, asserted_hostname)
+
+    def test_match_hostname_dnsname(self):
+        cert = {"subjectAltName": [("DNS", "xn--p1b6ci4b4b3a*.xn--11b5bs8d")]}
+        asserted_hostname = "xn--p1b6ci4b4b3a*.xn--11b5bs8d"
+        _match_hostname(cert, asserted_hostname)
+
+    def test_match_hostname_include_wildcard(self):
+        cert = {"subjectAltName": [("DNS", "foo*")]}
+        asserted_hostname = "foobar"
+        _match_hostname(cert, asserted_hostname)
+
     def test_match_hostname_ignore_common_name(self):
         cert = {"subject": [("commonName", "foo")]}
         asserted_hostname = "foo"
@@ -56,6 +86,21 @@ def test_match_hostname_ignore_common_name(self):
         ):
             match_hostname(cert, asserted_hostname)
 
+    def test_match_hostname_ip_address(self):
+        cert = {"subjectAltName": [("IP Address", "1.1.1.1")]}
+        asserted_hostname = "1.1.1.2"
+        try:
+            with mock.patch("urllib3.connection.log.warning") as mock_log:
+                _match_hostname(cert, asserted_hostname)
+        except CertificateError as e:
+            assert "hostname '1.1.1.2' doesn't match '1.1.1.1'" in str(e)
+            mock_log.assert_called_once_with(
+                "Certificate did not match expected hostname: %s. Certificate: %s",
+                "1.1.1.2",
+                {"subjectAltName": [("IP Address", "1.1.1.1")]},
+            )
+            assert e._peer_cert == cert
+
     def test_recent_date(self):
         # This test is to make sure that the RECENT_DATE value
         # doesn't get too far behind what the current date is.