3 files changed, 22 insertions, 12 deletions

diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index 1506e743..457bdf61 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@@ -22,9 +22,15 @@ class PathodError(Exception):
 
 
 class SSLOptions:
-    def __init__(self, confdir=CONFDIR, cn=None, not_after_connect=None,
-                 request_client_cert=False, sslversion=tcp.SSLv23_METHOD,
-                 ciphers=None, certs=None):
+    def __init__(self,
+                 confdir=CONFDIR,
+                 cn=None,
+                 sans=(),
+                 not_after_connect=None,
+                 request_client_cert=False,
+                 sslversion=tcp.SSLv23_METHOD,
+                 ciphers=None,
+                 certs=None):
         self.confdir = confdir
         self.cn = cn
         self.certstore = certutils.CertStore.from_store(
@@ -37,13 +43,14 @@ class SSLOptions:
         self.request_client_cert = request_client_cert
         self.ciphers = ciphers
         self.sslversion = sslversion
+        self.sans = sans
 
     def get_cert(self, name):
         if self.cn:
             name = self.cn
         elif not name:
             name = DEFAULT_CERT_DOMAIN
-        return self.certstore.get_cert(name, [])
+        return self.certstore.get_cert(name, self.sans)
 
 
 class PathodHandler(tcp.BaseHandler):
@@ -51,7 +58,9 @@ class PathodHandler(tcp.BaseHandler):
     sni = None
 
     def info(self, s):
-        logger.info("%s:%s: %s" % (self.address.host, self.address.port, str(s)))
+        logger.info(
+            "%s:%s: %s" % (self.address.host, self.address.port, str(s))
+        )
 
     def handle_sni(self, connection):
         self.sni = connection.get_servername()
diff --git a/test/test_pathoc.py b/test/test_pathoc.py
index 23b42994..ca67ff1f 100644
--- a/test/test_pathoc.py
+++ b/test/test_pathoc.py
@@ -78,7 +78,10 @@ class _TestDaemon:
 
 class TestDaemonSSL(_TestDaemon):
     ssl = True
-    ssloptions = pathod.SSLOptions(request_client_cert=True)
+    ssloptions = pathod.SSLOptions(
+        request_client_cert=True,
+        sans = ["test1.com", "test2.com"]
+    )
 
     def test_sni(self):
         c = pathoc.Pathoc(
diff --git a/test/test_pathod.py b/test/test_pathod.py
index c966222f..3638960e 100644
--- a/test/test_pathod.py
+++ b/test/test_pathod.py
@@ -206,16 +206,14 @@ class TestDaemon(CommonTests):
 
 class TestDaemonSSL(CommonTests):
     ssl = True
-    def _test_ssl_conn_failure(self):
+
+    def test_ssl_conn_failure(self):
         c = tcp.TCPClient(("localhost", self.d.port))
         c.rbufsize = 0
         c.wbufsize = 0
         c.connect()
-        try:
-            while 1:
-                c.wfile.write("\r\n\r\n\r\n")
-        except:
-            pass
+        c.wfile.write("\0\0\0\0")
+        tutils.raises(tcp.NetLibError, c.convert_to_ssl)
         l = self.d.last_log()
         assert l["type"] == "error"
         assert "SSL" in l["msg"]