Domain checks for persistent cert store is now irrelevant.

We no longer store these on disk, so we don't care about path components.
2024-11-23 00:01:36 +00:00 · 2013-12-08 13:15:08 +13:00 · 2013-12-08 13:15:08 +13:00 · d05c20d8fa
commit d05c20d8fa
parent 75745cb0af
3 changed files with 3 additions and 25 deletions
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@ -116,18 +116,6 @@ class CertStore:
    def __init__(self):
        self.certs = {}

-    def check_domain(self, commonname):
-        try:
-            commonname.decode("idna")
-            commonname.decode("ascii")
-        except:
-            return False
-        if ".." in commonname:
-            return False
-        if "/" in commonname:
-            return False
-        return True
-
    def get_cert(self, commonname, sans, cacert):
        """
            Returns an SSLCert object.
@ -141,8 +129,6 @@ class CertStore:

            Return None if the certificate could not be found or generated.
        """
-        if not self.check_domain(commonname):
-            return None
        if commonname in self.certs:
            return self.certs[commonname]
        c = dummy_cert(cacert, commonname, sans)
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@ -346,8 +346,9 @@ class BaseHandler:
                self.connection.sock_shutdown(socket.SHUT_WR)
            else:
                self.connection.shutdown(socket.SHUT_WR)
-            #Section 4.2.2.13 of RFC 1122 tells us that a close() with any pending readable data could lead to an immediate RST being sent.
-            #http://ia600609.us.archive.org/22/items/TheUltimateSo_lingerPageOrWhyIsMyTcpNotReliable/the-ultimate-so_linger-page-or-why-is-my-tcp-not-reliable.html
+            # Section 4.2.2.13 of RFC 1122 tells us that a close() with any
+            # pending readable data could lead to an immediate RST being sent.
+            # http://ia600609.us.archive.org/22/items/TheUltimateSo_lingerPageOrWhyIsMyTcpNotReliable/the-ultimate-so_linger-page-or-why-is-my-tcp-not-reliable.html
            while self.connection.recv(4096):
                pass
        except (socket.error, SSL.Error):
--- a/test/test_certutils.py
+++ b/test/test_certutils.py
@ -32,15 +32,6 @@ class TestCertStore:
            assert c.get_cert("foo.com", [], ca)
            assert c.get_cert("*.foo.com", [], ca)

-    def test_check_domain(self):
-        c = certutils.CertStore()
-        assert c.check_domain("foo")
-        assert c.check_domain("\x01foo")
-        assert not c.check_domain("\xfefoo")
-        assert not c.check_domain("xn--\0")
-        assert not c.check_domain("foo..foo")
-        assert not c.check_domain("foo/foo")
-

 class TestDummyCert:
    def test_with_ca(self):