From 535f493c0291d1a6acb31bdaf939bf62df6aae44 Mon Sep 17 00:00:00 2001
From: "Bjarni R. Einarsson"
Date: Mon, 25 Nov 2019 17:57:36 +0000
Subject: [PATCH] Fix py3/py2 encoding mismatch in TLS hostname verification
---
 sockschain/__init__.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/sockschain/__init__.py b/sockschain/__init__.py
index ca75fcf..3bf690d 100755
--- a/sockschain/__init__.py
+++ b/sockschain/__init__.py
@@ -61,6 +61,11 @@ def sha1hex(data):
 def SSL_CheckName(commonName, digest, valid_names):
+ try:
+ digest = str(digest, 'iso-8859-1')
+ except TypeError:
+ pass
+ digest = digest.replace(':', '')
 pairs = [(commonName, '%s/%s' % (commonName, digest))]
 valid = 0
@@ -99,7 +104,7 @@ def vcb(conn, x509, errno, depth, rc):
 if errno != 0: return False
 if depth != 0: return True
 return (SSL_CheckName(x509.get_subject().commonName.lower(),
- x509.digest('sha1').replace(':',''),
+ x509.digest('sha1'),
 verify_names) > 0)
 ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, vcb)
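Review bot: The `except TypeError: pass` at the top of SSL_CheckName doubles as the Python 2/3 switch, and nothing in the code says so: on Python 2 the two-argument `str(digest, 'iso-8859-1')` always raises, and on Python 3 it raises when `digest` is already a `str`. An explicit `if isinstance(digest, bytes) and not isinstance(digest, str): digest = digest.decode('ascii')` states the intent and rejects a non-ASCII fingerprint instead of mapping arbitrary bytes to Latin-1 characters. Because this string is what gets compared against the pinned `name/fingerprint` entries, I would also add a comment such as `# digest is bytes on py3, str on py2; normalise to text before comparing`. The rest of SSL_CheckName lies outside the hunk, so whether the comparison is case-sensitive cannot be checked from here.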
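Review bot: The verify callback still identifies the peer by `x509.get_subject().commonName` alone, so subjectAltName is never consulted at this call site. A certificate that lists its hostnames only there will not match by name. If this is pyOpenSSL, as the API suggests, a certificate with no CN yields `None`, and `.lower()` then raises AttributeError inside the callback rather than returning a clean rejection. `cn = (x509.get_subject().commonName or '').lower()` before the call would make that case an ordinary verification failure. The pin passed on is a SHA-1 fingerprint (`x509.digest('sha1')`), and accepting a SHA-256 digest as well would be the stronger choice for new pins. vcb's enclosing function begins and ends outside the hunk.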