Fix certificate validation when using a proxy

author: Jason Scholl <jason.e.scholl@gmail.com> 2017-07-26 10:22:32 -0700
committer: Jason Scholl <jason.e.scholl@gmail.com> 2017-07-26 10:22:32 -0700
commit: 3cb70725844195cefebe33701f5bda00fcc42846 (patch)
tree: 873a34c17badac7f9a010ceaeedf728b3ec86fac
parent: 044a0f954e386367cd793f37a998871711aefec9 (diff)
download: openvpn-duo-plugin-3cb70725844195cefebe33701f5bda00fcc42846.tar.gz
openvpn-duo-plugin-3cb70725844195cefebe33701f5bda00fcc42846.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/https_wrapper.py b/https_wrapper.py
index 94c0c8a..d798513 100644
--- a/https_wrapper.py
+++ b/https_wrapper.py
@@ -118,7 +118,8 @@ class CertValidatingHTTPSConnection(httplib.HTTPConnection):
                                 ca_certs=self.ca_certs)
     if self.cert_reqs & ssl.CERT_REQUIRED:
       cert = self.sock.getpeercert()
-      hostname = self.host.split(':', 0)[0]
+      cert_validation_host = self._tunnel_host or self.host
+      hostname = cert_validation_host.split(':', 0)[0]
       if not self._ValidateCertificateHostname(cert, hostname):
         raise InvalidCertificateException(hostname, cert, 'hostname mismatch')
author	Jason Scholl <jason.e.scholl@gmail.com>	2017-07-26 10:22:32 -0700
committer	Jason Scholl <jason.e.scholl@gmail.com>	2017-07-26 10:22:32 -0700
commit	3cb70725844195cefebe33701f5bda00fcc42846 (patch)
tree	873a34c17badac7f9a010ceaeedf728b3ec86fac
parent	044a0f954e386367cd793f37a998871711aefec9 (diff)
download	openvpn-duo-plugin-3cb70725844195cefebe33701f5bda00fcc42846.tar.gz openvpn-duo-plugin-3cb70725844195cefebe33701f5bda00fcc42846.zip