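def check_host_name(peercert, name):
    """Simple certificate/host name checker.

    Returns True if the certificate matches *name*, False otherwise.
    Does not support wildcards.

    Args:
        peercert: Decoded certificate mapping with an optional
            "subjectAltName" entry (a sequence of (type, value) pairs) and
            a "subject" entry.  The shape matches what the ssl module's
            getpeercert() returns, where "subject" is a sequence of RDNs
            and each RDN is a sequence of (attribute, value) pairs.  A flat
            sequence of (attribute, value) pairs is accepted as well.
        name: Host name the caller intended to reach.

    Notes:
        * Only names are compared.  The certificate chain is not validated
          here; the TLS layer must already have done that.  When peercert
          comes from getpeercert(), an unvalidated certificate is reported
          as an empty dict, which is rejected below.
        * Comparison is an exact, case-sensitive string match, so a
          difference in letter case is reported as a mismatch.
        * Only "DNS" subjectAltName entries are considered; other entry
          types (for example IP addresses) never match.
    """
    # Check that the peer has supplied a certificate.
    # None/{} is not acceptable.
    if not peercert:
        return False

    # Use `in`, not dict.has_key(): has_key() does not exist on Python 3
    # and would raise AttributeError before any name was compared.
    if "subjectAltName" in peercert:
        # When the extension is present it is authoritative: the subject DN
        # is not consulted, even if no DNS entry matches.
        return any(
            typ == "DNS" and val == name
            for typ, val in peercert["subjectAltName"]
        )

    # Only check the subject DN if there is no subject alternative name.
    cn = None
    for entry in peercert.get("subject", ()):
        # An RDN is a sequence of pairs; a flat entry is itself one pair.
        # Tell them apart by whether the first element is a nested sequence.
        if len(entry) == 2 and not isinstance(entry[0], (tuple, list)):
            pairs = (entry,)
        else:
            pairs = entry
        for attr, val in pairs:
            # Use most-specific (last) commonName attribute.
            if attr == "commonName":
                cn = val
    return cn is not None and cn == name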