| author | Vincent Richard <[email protected]> | 2012-12-10 21:59:19 +0000 |
|---|---|---|
| committer | Vincent Richard <[email protected]> | 2012-12-10 21:59:19 +0000 |
| commit | 87259631e4f9baf4cafb55a75db16ca9cc20d40e (patch) | |
| tree | 0a423447f8f028d9b215641d4047666cd2860d48 /src/security/cert/defaultCertificateVerifier.cpp | |
| parent | Fixed doc for classes in "net" package not being generated. (diff) | |
SSL server identity check.
Diffstat (limited to 'src/security/cert/defaultCertificateVerifier.cpp')
| -rw-r--r-- | src/security/cert/defaultCertificateVerifier.cpp | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/security/cert/defaultCertificateVerifier.cpp b/src/security/cert/defaultCertificateVerifier.cpp
index 6fde5519..65f5f476 100644
--- a/src/security/cert/defaultCertificateVerifier.cpp
+++ b/src/security/cert/defaultCertificateVerifier.cpp
@@ -50,7 +50,8 @@ defaultCertificateVerifier::defaultCertificateVerifier(const defaultCertificateV
 }
-void defaultCertificateVerifier::verify(ref <certificateChain> chain)
+void defaultCertificateVerifier::verify
+	(ref <certificateChain> chain, const string& hostname)
 {
 	if (chain->getCount() == 0)
 		return;
@@ -58,13 +59,14 @@ void defaultCertificateVerifier::verify(ref <certificateChain> chain)
 	const string type = chain->getAt(0)->getType();
 	if (type == "X.509")
-		verifyX509(chain);
+		verifyX509(chain, hostname);
 	else
 		throw exceptions::unsupported_certificate_type(type);
 }
-void defaultCertificateVerifier::verifyX509(ref <certificateChain> chain)
+void defaultCertificateVerifier::verifyX509
+	(ref <certificateChain> chain, const string& hostname)
 {
 	// For every certificate in the chain, verify that the certificate
 	// has been issued by the next certificate in the chain
@@ -141,6 +143,13 @@ void defaultCertificateVerifier::verifyX509(ref <certificateChain> chain)
 		throw exceptions::certificate_verification_exception
 			("Cannot verify certificate against trusted certificates.");
 	}
+
+	// Ensure the first certificate's subject name matches server hostname
+	if (!firstCert->verifyHostName(hostname))
+	{
+		throw exceptions::certificate_verification_exception
+			("Server identity cannot be verified.");
+	}
 }
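Review bot: Now that `verify` is the entry point for the server identity check, the early `return` on `chain->getCount() == 0` in this hunk means a peer that presents no certificate at all passes verification silently, with neither the chain check nor the new hostname check ever running. Whether the TLS layer can hand an empty chain to this verifier is decided outside the hunk, so if that path is reachable the empty case should fail closed rather than open: `if (chain->getCount() == 0) throw exceptions::certificate_verification_exception("Server presented no certificate.");`. The body of `verify` continues past the end of this hunk.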
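Review bot: The new `hostname` parameter on `verifyX509` (and on `verify` in the previous hunk) is undocumented, and since the identity check is only as strong as the name it is given, the contract deserves a comment at the signature, e.g. `// hostname: the name the client intended to connect to (from user input or configuration); never a value derived from a DNS lookup or taken from the certificate itself.` Whether callers of the abstract `certificateVerifier::verify` were updated for the added parameter cannot be seen from this file alone, as the diffstat is limited to it. `verifyX509`'s body continues beyond the end of this hunk.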
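Review bot: An empty `hostname` reaching the new `verifyHostName` call at the end of `verifyX509` is not handled explicitly; whether `verifyHostName("")` fails closed is decided by the certificate class outside this hunk, and a caller that passes no server name should not get an unverified identity by accident. A guard before the call makes the intent unambiguous: `if (hostname.empty()) throw exceptions::certificate_verification_exception("No server hostname to verify identity against.");`. The matching rules themselves (subjectAltName dNSName before CN, wildcard handling, IP literals) are not visible here, so I would also add `// TODO(review): confirm verifyHostName() checks subjectAltName dNSName entries before CN and handles wildcards per RFC 6125.` above the call. `firstCert` is declared earlier in `verifyX509`, outside this hunk.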
