requested review changes

Stanislav Klima
2022-06-20 11:27:09 +02:00
parent a0dd92234b
commit 7c827d3a82


@ -72,6 +72,9 @@
* less). On the other hand, if a valid SessionID is collected, forged * less). On the other hand, if a valid SessionID is collected, forged
* clientHello messages will consume resources on the server. * clientHello messages will consume resources on the server.
* This define is turned off by default. * This define is turned off by default.
* WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
* Certificates without SAN will get rejected during handshake instead of
* trying to match hostname or IP address with subject common name.
*/ */
@ -10500,7 +10503,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL
ret = 0; ret = 0;
} }
#ifndef ONLY_ALT_NAME_VERIFICATION #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
if (checkCN == 1) { if (checkCN == 1) {
if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
domainName) == 1) { domainName) == 1) {
@ -10510,7 +10513,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL
WOLFSSL_MSG("DomainName match on common name failed"); WOLFSSL_MSG("DomainName match on common name failed");
} }
} }
#endif /* #ifndef ONLY_ALT_NAME_VERIFICATION */ #endif /* # !WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY */
return ret; return ret;
} }
@ -11335,7 +11338,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
} }
} }
} }
#ifndef ONLY_ALT_NAME_VERIFICATION #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
else { else {
if (args->dCert->subjectCN) { if (args->dCert->subjectCN) {
if (MatchDomainName(args->dCert->subjectCN, if (MatchDomainName(args->dCert->subjectCN,
@ -11353,7 +11356,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
ret = DOMAIN_NAME_MISMATCH; ret = DOMAIN_NAME_MISMATCH;
} }
} }
#endif /* #ifndef ONLY_ALT_NAME_VERIFICATION */ #endif /* !WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY */
} }
/* perform IP address check on the peer certificate */ /* perform IP address check on the peer certificate */
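Review bot: In the DoVerifyCallback hunk the entire `else` arm is compiled out when WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY is defined, and no visible line sets `ret = DOMAIN_NAME_MISMATCH` for a peer certificate that carries no SAN, so such a certificate may pass without any hostname check instead of being rejected as the new header comment states. The `if` that this `else` pairs with lies outside the hunk, so this is inferred; if it holds, add an `#else` arm before the `#endif`, for example `else { ret = DOMAIN_NAME_MISMATCH; }`. CheckHostName has the same shape, and its result for a SAN-less certificate depends on the initial value of `ret`, which is also outside the hunk. A handshake test using a certificate without SAN and the define enabled would pin the documented rejection. Minor: the `#endif` comment in CheckHostName reads `/* # !WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY */` with a stray `#`, unlike the one in DoVerifyCallback.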