Fix to SubjectAltNames support check - should only be enabled if pyas…

…n1 is installed. git-svn-id: http://proj.badc.rl.ac.uk/svn/ndg-security/trunk/ndg_httpsclient@8206 051b1e3e-aa0c-0410-b6c2-bfbade6052be
Gu1 · Oct 23, 2012 · 69d29db · 69d29db
1 parent ee7d8ca
commit 69d29db
Showing 1 changed file with 12 additions and 5 deletions.
diff --git a/ndg/httpsclient/ssl_peer_verification.py b/ndg/httpsclient/ssl_peer_verification.py
@@ -13,9 +13,16 @@
 try:
     from ndg.httpsclient.subj_alt_name import SubjectAltName
     from pyasn1.codec.der import decoder as der_decoder
-    subj_alt_name_support = True
+    SUBJ_ALT_NAME_SUPPORT = True
 except ImportError, e:
-    subj_alt_name_support = False
+    SUBJ_ALT_NAME_SUPPORT = False
+    SUBJ_ALT_NAME_SUPPORT_MSG = (
+        'SubjectAltName support is disabled - check pyasn1 package '
+        'installation to enable'
+    )
+    import warnings
+    warnings.warn(SUBJ_ALT_NAME_SUPPORT_MSG)
+
 
 class ServerSSLCertVerification(object):
     """Check server identity.  If hostname doesn't match, allow match of
@@ -64,12 +71,12 @@ def __init__(self, certDN=None, hostname=None, subj_alt_name_match=True):
             self.hostname = hostname
 
         if subj_alt_name_match:
-            if not subj_alt_name_support:
+            if not SUBJ_ALT_NAME_SUPPORT:
                 log.warning('Overriding "subj_alt_name_match" keyword setting: '
                             'peer verification with subjectAltNames is disabled')
                 self.__subj_alt_name_match = False
-
-            self.__subj_alt_name_match = True
+            else:    
+                self.__subj_alt_name_match = True
         else:
             log.debug('Disabling peer verification with subject '
                       'subjectAltNames!')