Issue python#18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger

tiran · tiran · commit 8f65ef8853c0 · 2013-08-25T14:12:41.000+02:00
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
@@ -102,13 +102,21 @@ def test_parse_cert_CVE_2013_4073(self):
                    (('emailAddress', 'python-dev@python.org'),))
         self.assertEqual(p['subject'], subject)
         self.assertEqual(p['issuer'], subject)
-        self.assertEqual(p['subjectAltName'],
-                         (('DNS', 'altnull.python.org\x00example.com'),
-                         ('email', 'null@python.org\x00user@example.org'),
-                         ('URI', 'http://null.python.org\x00http://example.org'),
-                         ('IP Address', '192.0.2.1'),
-                         ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
-                        )
+        if ssl._OPENSSL_API_VERSION >= (0, 9, 8):
+            san = (('DNS', 'altnull.python.org\x00example.com'),
+                   ('email', 'null@python.org\x00user@example.org'),
+                   ('URI', 'http://null.python.org\x00http://example.org'),
+                   ('IP Address', '192.0.2.1'),
+                   ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
+        else:
+            # OpenSSL 0.9.7 doesn't support IPv6 addresses in subjectAltName
+            san = (('DNS', 'altnull.python.org\x00example.com'),
+                   ('email', 'null@python.org\x00user@example.org'),
+                   ('URI', 'http://null.python.org\x00http://example.org'),
+                   ('IP Address', '192.0.2.1'),
+                   ('IP Address', '<invalid>'))
+
+        self.assertEqual(p['subjectAltName'], san)
 
     def test_DER_to_PEM(self):
         with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
