perform domain name check on the peer certificate
@ -9054,7 +9054,16 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
|
|||||||
use_cb = 1;
|
use_cb = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(OPENSSL_EXTRA)
|
||||||
|
/* perform domain name check on the peer certificate */
|
||||||
|
if (args->dCertInit && args->dCert && args->dCert->subjectCN \
|
||||||
|
&& ssl->param && ssl->param->hostName[0]) {
|
||||||
|
|
||||||
|
if(XSTRSTR(args->dCert->subjectCN, ssl->param->hostName) == NULL) {
|
||||||
|
return VERIFY_CERT_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
/* if verify callback has been set */
|
/* if verify callback has been set */
|
||||||
if (use_cb && ssl->verifyCallback) {
|
if (use_cb && ssl->verifyCallback) {
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
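Review bot: The test `if(XSTRSTR(args->dCert->subjectCN, ssl->param->hostName) == NULL)` is a substring search, not a host-name match: any subject CN that merely contains the configured name as a prefix, suffix or interior fragment is accepted, while the comparison is case-sensitive even though DNS names are not, so a correct certificate whose CN differs only in case is rejected. It also consults only the CN; names carried solely in subjectAltName are never examined and wildcard names cannot match. At minimum compare the whole name case-insensitively, e.g. `if (XSTRLEN(args->dCert->subjectCN) != XSTRLEN(ssl->param->hostName) || XSTRNCASECMP(args->dCert->subjectCN, ssl->param->hostName, WOLFSSL_HOST_NAME_MAX) != 0)` (if that macro is available in this build), and preferably route through the same name matcher wolfSSL_check_domain_name relies on so subjectAltName and wildcards are handled consistently. Returning `VERIFY_CERT_ERROR` directly also exits before the `use_cb && ssl->verifyCallback` branch that follows, so an application verify callback never observes the mismatch; if the callback is meant to see or override it, assign to `ret` instead of returning here. DoVerifyCallback begins and ends outside this hunk.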
|
||||||
|
23
src/ssl.c
23
src/ssl.c
@ -16672,6 +16672,9 @@ WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
|
|||||||
*
|
*
|
||||||
* RETURNS:
|
* RETURNS:
|
||||||
* The beginning of the hash digest. Otherwise, returns zero.
|
* The beginning of the hash digest. Otherwise, returns zero.
|
||||||
|
* Note:
|
||||||
|
* Returns a different hash value from OpenSSL's X509_subject_name_hash() API
|
||||||
|
* depending on the subject name.
|
||||||
*/
|
*/
|
||||||
unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
|
unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
|
||||||
{
|
{
|
||||||
@ -19738,21 +19741,31 @@ void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx,
|
|||||||
* RETURNS:
|
* RETURNS:
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
void wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
|
int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
|
||||||
const char* name,
|
const char* name,
|
||||||
unsigned int nameSz)
|
unsigned int nameSz)
|
||||||
{
|
{
|
||||||
if (pParam == NULL)
|
if (pParam == NULL)
|
||||||
return;
|
return WOLFSSL_FAILURE;
|
||||||
|
|
||||||
XMEMSET(pParam->hostName, 0, WOLFSSL_HOST_NAME_MAX);
|
XMEMSET(pParam->hostName, 0, WOLFSSL_HOST_NAME_MAX);
|
||||||
|
/* If name is NUL-terminated, namelen can be set to zero. */
|
||||||
|
if(name && (nameSz == 0))
|
||||||
|
nameSz = XSTRLEN(name);
|
||||||
|
|
||||||
if (nameSz > WOLFSSL_HOST_NAME_MAX)
|
if (nameSz > 0 && name[nameSz - 1] == '\0')
|
||||||
nameSz = WOLFSSL_HOST_NAME_MAX;
|
nameSz--;
|
||||||
|
|
||||||
|
if (nameSz > WOLFSSL_HOST_NAME_MAX-1)
|
||||||
|
nameSz = WOLFSSL_HOST_NAME_MAX-1;
|
||||||
|
|
||||||
if (nameSz > 0)
|
if (nameSz > 0)
|
||||||
XMEMCPY(pParam->hostName, name, nameSz);
|
XMEMCPY(pParam->hostName, name, nameSz);
|
||||||
pParam->hostName[WOLFSSL_HOST_NAME_MAX-1] = '\0';
|
|
||||||
|
pParam->hostName[nameSz] = '\0';
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
|
||||||
}
|
}
|
||||||
/******************************************************************************
|
/******************************************************************************
|
||||||
* wolfSSL_get0_param - return a pointer to the SSL verification parameters
|
* wolfSSL_get0_param - return a pointer to the SSL verification parameters
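Review bot: Over-long names are still silently truncated at `if (nameSz > WOLFSSL_HOST_NAME_MAX-1) nameSz = WOLFSSL_HOST_NAME_MAX-1;` and the function then reports `WOLFSSL_SUCCESS`, so the name the caller asked to verify and the name later compared against the certificate can differ with no indication; now that the function has a status return, reject instead: `if (nameSz > WOLFSSL_HOST_NAME_MAX-1) return WOLFSSL_FAILURE;`. The new read `name[nameSz - 1]` is guarded only by `nameSz > 0`, so a NULL `name` with a non-zero `nameSz` dereferences NULL (the earlier `if(name && (nameSz == 0))` guard covers only the zero-length case, and the pre-existing XMEMCPY had the same exposure); add `if (name == NULL && nameSz > 0) return WOLFSSL_FAILURE;` after the `pParam` check. The `nameSz = XSTRLEN(name);` assignment narrows a size_t into `unsigned int` without a check, which is harmless once the length cap becomes a hard failure but deserves a one-line comment. The `RETURNS:` section of the header comment above the function is empty and should now read `WOLFSSL_SUCCESS on success; WOLFSSL_FAILURE if pParam is NULL or the name is rejected`. The `@ -1018` prototype hunk below carries the same void-to-int change and needs no separate fix.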
|
||||||
|
@ -1018,7 +1018,7 @@ WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
|
|||||||
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
|
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
|
||||||
unsigned long flags,
|
unsigned long flags,
|
||||||
time_t t);
|
time_t t);
|
||||||
WOLFSSL_API void wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
|
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
|
||||||
const char* name,
|
const char* name,
|
||||||
unsigned int nameSz);
|
unsigned int nameSz);
|
||||||
|
|
||||||
|