Removed a bunch of unnecessary certificate checks.

2021-10-06 11:07:08 +02:00 · 2021-10-06 11:07:08 +02:00 · 292a68fc23
parent 37e2c671e4
commit 292a68fc23
1 changed files with 0 additions and 26 deletions
--- a/av98.py
+++ b/av98.py
@ -775,32 +775,6 @@ you'll be able to transparently follow links to Gopherspace!""")
            # the standard ssl library...
            c = x509.load_der_x509_certificate(cert, _BACKEND)

-            # Check certificate validity dates
-            if c.not_valid_before >= now:
-                raise CertificateError("Certificate not valid until: {}!".format(c.not_valid_before))
-            elif c.not_valid_after <= now:
-                raise CertificateError("Certificate expired as of: {})!".format(c.not_valid_after))
-
-            # Check certificate hostnames
-            names = []
-            common_name = c.subject.get_attributes_for_oid(x509.oid.NameOID.COMMON_NAME)
-            if common_name:
-                names.append(common_name[0].value)
-            try:
-                names.extend([alt.value for alt in c.extensions.get_extension_for_oid(x509.oid.ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value])
-            except x509.ExtensionNotFound:
-                pass
-            names = set(names)
-            for name in names:
-                try:
-                    ssl._dnsname_match(name, host)
-                    break
-                except CertificateError:
-                    continue
-            else:
-                # If we didn't break out, none of the names were valid
-                raise CertificateError("Hostname does not match certificate common name or any alternative names.")
-
        sha = hashlib.sha256()
        sha.update(cert)
        fingerprint = sha.hexdigest()