diff options
| author | Vincent Richard <[email protected]> | 2013-04-26 18:58:04 +0000 |
|---|---|---|
| committer | Vincent Richard <[email protected]> | 2013-04-26 18:58:04 +0000 |
| commit | 3f1c50755582b17225ad91b66baa5dc4032f9834 (patch) | |
| tree | a3e38920afd149780bc47b5a7149eb38cd547495 /src/security/cert/openssl/X509Certificate_OpenSSL.cpp | |
| parent | Fixed invalid buffer access. (diff) | |
| download | vmime-3f1c50755582b17225ad91b66baa5dc4032f9834.tar.gz vmime-3f1c50755582b17225ad91b66baa5dc4032f9834.zip | |
Issue #36: added support for wildcard in Common Name when verifying host name (thanks to Anthony Dervish).
Diffstat (limited to 'src/security/cert/openssl/X509Certificate_OpenSSL.cpp')
| -rw-r--r-- | src/security/cert/openssl/X509Certificate_OpenSSL.cpp | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/security/cert/openssl/X509Certificate_OpenSSL.cpp b/src/security/cert/openssl/X509Certificate_OpenSSL.cpp index af38d503..056631ec 100644 --- a/src/security/cert/openssl/X509Certificate_OpenSSL.cpp +++ b/src/security/cert/openssl/X509Certificate_OpenSSL.cpp @@ -344,6 +344,24 @@ bool X509Certificate_OpenSSL::verify(ref <const X509Certificate> caCert_) const } +// static +bool X509Certificate_OpenSSL::cnMatch(const char* cnBuf, const char* host) +{ + // Right-to-left match, looking for a '*' wildcard + const bool hasWildcard = (strlen(cnBuf) > 1 && cnBuf[0] == '*' && cnBuf[1] == '.'); + const char* cnBufReverseEndPtr = (cnBuf + (hasWildcard ? 2 : 0)); + const char* hostPtr = host + strlen(host); + const char* cnPtr = cnBuf + strlen(cnBuf); + + bool matches = true; + + while (matches && --hostPtr >= host && --cnPtr >= cnBufReverseEndPtr) + matches = (toupper(*hostPtr) == toupper(*cnPtr)); + + return matches; +} + + bool X509Certificate_OpenSSL::verifyHostName(const string& hostname) const { // First, check subject common name against hostname @@ -354,7 +372,7 @@ bool X509Certificate_OpenSSL::verifyHostName(const string& hostname) const if (X509_NAME_get_text_by_NID(xname, NID_commonName, CNBuffer, sizeof(CNBuffer)) != -1) { - if (strcasecmp(CNBuffer, hostname.c_str()) == 0) + if (cnMatch(CNBuffer, hostname.c_str())) return true; } |