diff -up backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py.orig backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py
--- backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py.orig 2010-10-15 17:40:13.000000000 -0500
+++ backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py 2013-02-05 17:24:13.706427017 -0600
@@ -2,7 +2,7 @@
import re
-__version__ = '3.2a3'
+__version__ = '3.2.2'
class CertificateError(ValueError):
pass
@@ -37,8 +37,9 @@ def match_hostname(cert, hostname):
if _dnsname_to_pat(value).match(hostname):
return
dnsnames.append(value)
- if not san:
- # The subject is only checked when subjectAltName is empty
+ if not dnsnames:
+ # The subject is only checked when there is no dNSName entry
+ # in subjectAltName
for sub in cert.get('subject', ()):
for key, value in sub:
# XXX according to RFC 2818, the most specific Common Name