feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

requested review changes 2

Browse Source
This commit is contained in:
Stanislav Klima
2022-06-24 15:37:10 +02:00
parent 7c827d3a82
commit ce977e8c0b
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/internal.c
View File

@ -73,8 +73,9 @@
* clientHello messages will consume resources on the server. * clientHello messages will consume resources on the server.
* This define is turned off by default. * This define is turned off by default.
* WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY * WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
* Certificates without SAN will get rejected during handshake instead of * Verify hostname/ip address using alternate name (SAN) only and do not
* trying to match hostname or IP address with subject common name. * use the common name. Forces use of the alternate name, so certificates
* missing SAN will be rejected during the handshake
*/ */
@ -10513,7 +10514,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL
WOLFSSL_MSG("DomainName match on common name failed"); WOLFSSL_MSG("DomainName match on common name failed");
} }
} }
#endif /* # !WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY */ #endif /* !WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY */
return ret; return ret;
} }
@ -11350,7 +11351,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
} }
} }
} }
#else /* #ifndef ONLY_ALT_NAME_VERIFICATION */ #else
else { else {
if (ret == 0) { if (ret == 0) {
ret = DOMAIN_NAME_MISMATCH; ret = DOMAIN_NAME_MISMATCH;