Commit e015e48a authored by Alexandre's avatar Alexandre
Browse files

Make functions "private"

Use an underscore '_' in front of the function name.
parent bdfe14da
......@@ -194,7 +194,7 @@ def is_valid_url(url):
except ValueError:
return False
def get_certificate_san(x509cert):
def _get_certificate_san(x509cert):
san = ""
ext_count = x509cert.get_extension_count()
for i in range(0, ext_count):
......@@ -204,7 +204,7 @@ def get_certificate_san(x509cert):
return san
# Try one possible name. Names must be already canonicalized.
def match_hostname(hostname, possibleMatch):
def _match_hostname(hostname, possibleMatch):
if possibleMatch.startswith("*."): # Wildcard
base = possibleMatch[1:] # Skip the star
# RFC 6125 says that we MAY accept left-most labels with
......@@ -222,16 +222,16 @@ def match_hostname(hostname, possibleMatch):
return hostname == possibleMatch
# Try all the names in the certificate
def validate_hostname(hostname, cert):
def _validate_hostname(hostname, cert):
# Complete specification is in RFC 6125. It is long and
# complicated and I'm not sure we do it perfectly.
(is_addr, family) = is_valid_ip_address(hostname)
hostname = canonicalize(hostname)
for alt_name in get_certificate_san(cert).split(", "):
for alt_name in _get_certificate_san(cert).split(", "):
if alt_name.startswith("DNS:") and not is_addr:
(start, base) = alt_name.split("DNS:")
base = canonicalize(base)
found = match_hostname(hostname, base)
found = _match_hostname(hostname, base)
if found:
return True
elif alt_name.startswith("IP Address:") and is_addr:
......@@ -250,7 +250,7 @@ def validate_hostname(hostname, cert):
# accept URI alternative names for DoH,
# According to RFC 6125, we MUST NOT try the Common Name before the Subject Alternative Names.
cn = canonicalize(cert.get_subject().commonName)
found = match_hostname(hostname, cn)
found = _match_hostname(hostname, cn)
if found:
return True
return False
......@@ -516,7 +516,7 @@ class ConnectionDoT(Connection):
if not self.insecure:
if opts.key is None:
valid = validate_hostname(self.check_name_cert, self.cert)
valid = _validate_hostname(self.check_name_cert, self.cert)
if not valid:
error("Certificate error: \"%s\" is not in the certificate" % (self.check_name_cert), exit=False)
return False
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment