o \"@sdZddlmZmZmZddlZddlZddlmZddl m Z ddl m Z ddl mZdd lmZmZmZmZmZmZmZmZdd lmZd gZd d Zd dZe dZddZdS)zA `pyOpenSSL `_-specific code. )absolute_importdivisionprint_functionN)decode) IA5String)ObjectIdentifier) GeneralNames)DNS_IDCertificateError DNSPattern IPAddress_IDIPAddressPattern SRVPattern URIPatternverify_service_identity)SubjectAltNameWarningverify_hostnamecC tt|t|ggddS)a? Verify whether the certificate of *connection* is valid for *hostname*. :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object. :param unicode hostname: The hostname that *connection* should be connected to. :raises service_identity.VerificationError: If *connection* does not provide a certificate that is valid for *hostname*. :raises service_identity.CertificateError: If the certificate chain of *connection* contains a certificate that contains invalid/unexpected data. :returns: ``None``  cert_patternsobligatory_ids optional_idsN)r extract_idsget_peer_certificater ) connectionhostnamers  zextract_ids..s cSsg|]}t|qSr)r r&rrrr)szCertificate with CN '%s' has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. service_identity will remove the support for it in mid-2018.zutf-8) stacklevel)sixmovesrangeget_extension_count get_extensionget_short_namerget_datargetNameappendr getComponentasOctetsr from_bytesrgetComponentByPosition ID_ON_DNS_SRV isinstancerrr get_subjectget_componentsnextiterwarningswarnr) certidsiextnames_n name_stringcompoidsrv componentscnrrrrSsX         r)__doc__ __future__rrrr?r,pyasn1.codec.der.decoderrpyasn1.type.charrpyasn1.type.univrpyasn1_modules.rfc2459r_commonr r r r rrrr exceptionsr__all__rr r9rrrrrs    (