Check names in verify callback.

Eric Blankenhorn
2019-10-16 15:08:30 -05:00
parent 6bc16a4acb
commit 9fc33e461c


@@ -9339,13 +9339,24 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
#endif
#if defined(OPENSSL_EXTRA)
/* perform domain name check on the peer certificate */
if (args->dCertInit && args->dCert && args->dCert->subjectCN \
&& ssl->param && ssl->param->hostName[0]) {
if(XSTRSTR(args->dCert->subjectCN, ssl->param->hostName) == NULL) {
if (args->dCertInit && args->dCert &&
ssl->param && ssl->param->hostName[0]) {
/* If altNames names is present, then subject common name is ignored */
if (args->dCert->altNames != NULL) {
if (CheckAltNames(args->dCert, ssl->param->hostName) == 0 ) {
return VERIFY_CERT_ERROR;
}
}
else {
if (args->dCert->subjectCN) {
if (MatchDomainName(args->dCert->subjectCN,
args->dCert->subjectCNLen,
ssl->param->hostName) == 0) {
return VERIFY_CERT_ERROR;
}
}
}
}
#endif
/* if verify callback has been set */
if (use_cb && ssl->verifyCallback) {
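Review bot: The new branch structure lets a peer certificate that carries neither a subjectAltName extension nor a subject CN pass the hostname check without any comparison, because the `if (args->dCert->subjectCN)` test in the else-branch has no fail-closed alternative and control simply continues to the callback. A hostname check should reject a certificate it cannot match rather than skip it, so the inner block needs an `else { return VERIFY_CERT_ERROR; }` after the subjectCN test (or the same effect via the altNames branch if CheckAltNames is meant to cover the no-name case — I cannot tell from the hunk). It would also help to state the RFC 6125 intent on the altNames comment, e.g. `/* RFC 6125: when a SAN extension is present the CN is not consulted, even if no entry matches */`, so a later reader does not "fix" the missing CN fallback. DoVerifyCallback begins before this hunk and continues after it.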