Merge pull request #23 from jescholl/master

Fix certificate validation when using a proxy
author: ben-duo <ben@duosecurity.com> 2017-07-31 12:56:20 -0400
committer: GitHub <noreply@github.com> 2017-07-31 12:56:19 -0400
commit: bfd3bbd09e6630b0052045cdcddbf44c1d2ac5f9 (patch)
tree: 873a34c17badac7f9a010ceaeedf728b3ec86fac
parent: 044a0f954e386367cd793f37a998871711aefec9 (diff)
parent: 3cb70725844195cefebe33701f5bda00fcc42846 (diff)
download: openvpn-duo-plugin-bfd3bbd09e6630b0052045cdcddbf44c1d2ac5f9.tar.gz
openvpn-duo-plugin-bfd3bbd09e6630b0052045cdcddbf44c1d2ac5f9.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/https_wrapper.py b/https_wrapper.py
index 94c0c8a..d798513 100644
--- a/https_wrapper.py
+++ b/https_wrapper.py
@@ -118,7 +118,8 @@ class CertValidatingHTTPSConnection(httplib.HTTPConnection):
                                 ca_certs=self.ca_certs)
     if self.cert_reqs & ssl.CERT_REQUIRED:
       cert = self.sock.getpeercert()
-      hostname = self.host.split(':', 0)[0]
+      cert_validation_host = self._tunnel_host or self.host
+      hostname = cert_validation_host.split(':', 0)[0]
       if not self._ValidateCertificateHostname(cert, hostname):
         raise InvalidCertificateException(hostname, cert, 'hostname mismatch')
author	ben-duo <ben@duosecurity.com>	2017-07-31 12:56:20 -0400
committer	GitHub <noreply@github.com>	2017-07-31 12:56:19 -0400
commit	bfd3bbd09e6630b0052045cdcddbf44c1d2ac5f9 (patch)
tree	873a34c17badac7f9a010ceaeedf728b3ec86fac
parent	044a0f954e386367cd793f37a998871711aefec9 (diff)
parent	3cb70725844195cefebe33701f5bda00fcc42846 (diff)
download	openvpn-duo-plugin-bfd3bbd09e6630b0052045cdcddbf44c1d2ac5f9.tar.gz openvpn-duo-plugin-bfd3bbd09e6630b0052045cdcddbf44c1d2ac5f9.zip