From 728ef107a00e7d6cef0c7d826f39a89197ddb732 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Tue, 24 Jul 2012 14:55:54 +1200
Subject: Ignore SAN entries that we don't understand.

---
 netlib/certutils.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'netlib/certutils.py')

diff --git a/netlib/certutils.py b/netlib/certutils.py
index 1f61132e..f55a096b 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -1,6 +1,7 @@
 import os, ssl, hashlib, socket, time, datetime
 from pyasn1.type import univ, constraint, char, namedtype, tag
 from pyasn1.codec.der.decoder import decode
+from pyasn1.error import PyAsn1Error
 import OpenSSL
 import tcp
 
@@ -217,7 +218,10 @@ class SSLCert:
         for i in range(self.x509.get_extension_count()):
             ext = self.x509.get_extension(i)
             if ext.get_short_name() == "subjectAltName":
-                dec = decode(ext.get_data(), asn1Spec=_GeneralNames())
+                try:
+                    dec = decode(ext.get_data(), asn1Spec=_GeneralNames())
+                except PyAsn1Error:
+                    continue
                 for i in dec[0]:
                     altnames.append(i[0].asOctets())
         return altnames
-- 
cgit v1.2.3