Fix py3/py2 encoding mismatch in TLS hostname verification

pagekite · Nov 25, 2019 · 535f493 · 535f493
1 parent 7c17013
commit 535f493
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/sockschain/__init__.py b/sockschain/__init__.py
@@ -61,6 +61,11 @@ def sha1hex(data):
 
 
 def SSL_CheckName(commonName, digest, valid_names):
+    try:
+      digest = str(digest, 'iso-8859-1')
+    except TypeError:
+      pass
+    digest = digest.replace(':', '')
     pairs = [(commonName, '%s/%s' % (commonName, digest))]
     valid = 0
 
@@ -99,7 +104,7 @@ def vcb(conn, x509, errno, depth, rc):
                 if errno != 0: return False
                 if depth != 0: return True
                 return (SSL_CheckName(x509.get_subject().commonName.lower(),
-                                      x509.digest('sha1').replace(':',''),
+                                      x509.digest('sha1'),
                                       verify_names) > 0)
             ctx.set_verify(SSL.VERIFY_PEER |
                            SSL.VERIFY_FAIL_IF_NO_PEER_CERT, vcb)