wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Check names in verify callback.

Browse Source
This commit is contained in:
Eric Blankenhorn
2019-10-16 15:08:30 -05:00
parent 6bc16a4acb
commit 9fc33e461c
1 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/internal.c
View File

@@ -9339,11 +9339,22 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
#endif #endif
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
/* perform domain name check on the peer certificate */ /* perform domain name check on the peer certificate */
if (args->dCertInit && args->dCert && args->dCert->subjectCN \ if (args->dCertInit && args->dCert &&
&& ssl->param && ssl->param->hostName[0]) { ssl->param && ssl->param->hostName[0]) {
/* If altNames names is present, then subject common name is ignored */
if(XSTRSTR(args->dCert->subjectCN, ssl->param->hostName) == NULL) { if (args->dCert->altNames != NULL) {
return VERIFY_CERT_ERROR; if (CheckAltNames(args->dCert, ssl->param->hostName) == 0 ) {
return VERIFY_CERT_ERROR;
}
}
else {
if (args->dCert->subjectCN) {
if (MatchDomainName(args->dCert->subjectCN,
args->dCert->subjectCNLen,
ssl->param->hostName) == 0) {
return VERIFY_CERT_ERROR;
}
}
} }
} }
#endif #endif