Subject Alt Name Matching

1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exit, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.

Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.

certs/test/gen-testcerts.sh

@@ -95,3 +95,9 @@ generate_test_cert server-badaltnull www.nomatch.com DER:30:0d:82:0b:6c:6f:63:61
 
 # Generate Bad Alt Name CN=www.nomatch.com, Alt=www.nomatch.com
 generate_test_cert server-badaltname www.nomatch.com www.nomatch.com
+
+# Generate Good Alt Name CN=localhost, Alt=localhost
+generate_test_cert server-localhost localhost localhost
+
+# Generate Bad Alt Name CN=localhost, Alt=garbage
+generate_test_cert server-garbage localhost garbage

certs/test/server-garbage.pem

@@ -0,0 +1,75 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            8e:d8:a3:08:c6:38:a1:db
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Jun 27 19:53:20 2018 GMT
+            Not After : Mar 23 19:53:20 2021 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
+                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
+                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
+                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
+                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
+                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
+                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
+                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
+                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
+                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
+                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
+                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
+                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
+                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
+                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
+                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
+                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
+                    ad:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DNS:garbage
+    Signature Algorithm: sha256WithRSAEncryption
+         57:77:b9:a3:76:83:2a:f1:10:0c:64:02:0a:ad:99:86:55:28:
+         e4:c0:81:a2:a9:f2:af:6d:48:bd:a5:02:49:01:57:33:a8:85:
+         57:f6:65:8c:1a:01:7f:79:0f:af:18:d2:a4:df:03:14:48:40:
+         32:71:f8:44:15:b2:cd:53:d0:53:82:1f:cd:03:a5:68:f6:08:
+         9a:5a:a7:5e:4b:92:aa:dd:46:d4:2b:c1:81:83:df:75:3d:bc:
+         b2:64:43:9f:f1:d2:37:cc:b0:6e:75:b4:2c:9f:1c:1a:17:04:
+         0d:c1:80:a9:9b:64:c6:b4:aa:01:b2:5a:36:20:da:09:80:7f:
+         93:d7:51:be:aa:c1:58:56:f7:3b:0c:53:99:c3:74:99:64:0f:
+         e3:7d:4b:78:24:8e:08:76:15:85:15:30:42:6a:65:80:f5:2d:
+         a5:f4:d9:aa:42:12:5c:cd:68:c7:e7:b8:45:90:2c:dd:52:65:
+         ae:89:14:6e:5a:27:3c:10:05:ae:16:65:fc:04:12:66:07:13:
+         62:e6:a7:05:86:16:5a:7a:3d:9c:71:56:cf:a4:47:f5:7a:8a:
+         5a:bb:a3:d5:47:25:bd:c0:d2:ad:22:af:59:d6:d4:96:a9:b0:
+         05:f4:38:c7:56:46:19:d5:1b:30:9f:46:2e:a4:59:8b:72:e6:
+         a7:83:99:13
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIJAI7YowjGOKHbMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
+VQQLDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MR8wHQYJKoZIhvcN
+AQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDYyNzE5NTMyMFoXDTIxMDMyMzE5
+NTMyMFowfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
+B0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhv
+c3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O
+1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY
+lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt
+r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR
+CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN
+wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjFjAUMBIG
+A1UdEQQLMAmCB2dhcmJhZ2UwDQYJKoZIhvcNAQELBQADggEBAFd3uaN2gyrxEAxk
+AgqtmYZVKOTAgaKp8q9tSL2lAkkBVzOohVf2ZYwaAX95D68Y0qTfAxRIQDJx+EQV
+ss1T0FOCH80DpWj2CJpap15LkqrdRtQrwYGD33U9vLJkQ5/x0jfMsG51tCyfHBoX
+BA3BgKmbZMa0qgGyWjYg2gmAf5PXUb6qwVhW9zsMU5nDdJlkD+N9S3gkjgh2FYUV
+MEJqZYD1LaX02apCElzNaMfnuEWQLN1SZa6JFG5aJzwQBa4WZfwEEmYHE2LmpwWG
+Flp6PZxxVs+kR/V6ilq7o9VHJb3A0q0ir1nW1JapsAX0OMdWRhnVGzCfRi6kWYty
+5qeDmRM=
+-----END CERTIFICATE-----

certs/test/server-localhost.pem

@@ -0,0 +1,75 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            e3:7e:ef:46:4d:c8:a3:ab
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Jun 27 19:53:20 2018 GMT
+            Not After : Mar 23 19:53:20 2021 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
+                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
+                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
+                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
+                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
+                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
+                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
+                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
+                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
+                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
+                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
+                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
+                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
+                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
+                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
+                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
+                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
+                    ad:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DNS:localhost
+    Signature Algorithm: sha256WithRSAEncryption
+         35:1a:72:99:61:c0:70:0b:5f:12:67:fa:74:f5:01:2b:d2:5a:
+         77:9f:90:dd:e4:2b:da:b7:dc:02:90:35:2d:41:ab:e3:db:a3:
+         69:12:00:e7:cc:71:6e:b1:81:9d:77:9b:2f:4f:0a:51:03:d7:
+         07:45:fe:61:7e:1f:fc:b6:59:49:39:0a:11:73:63:94:a6:3e:
+         a8:d4:ad:1d:93:fa:5f:cf:ef:fa:52:23:87:7b:d5:ba:56:94:
+         42:a3:05:61:b5:e5:ad:c2:d2:89:b2:0c:84:d1:30:d6:d7:5c:
+         2a:b7:29:f1:4d:b9:ca:7f:e1:4c:ff:ac:a9:1b:37:9d:40:fa:
+         cb:52:45:de:1d:29:ea:61:38:ac:cc:39:0d:46:ee:ff:89:0f:
+         ca:88:b8:f1:28:6c:2c:5f:6f:c1:27:50:e5:3a:21:be:63:07:
+         a7:b9:bc:89:18:f6:f2:a3:5d:56:56:18:32:ce:3d:a4:38:1e:
+         3f:72:3c:12:70:f7:83:74:44:ef:c9:69:fe:9d:ec:5c:e2:d4:
+         29:6f:73:df:18:43:18:91:a1:d7:dd:77:22:41:f2:f7:35:1d:
+         47:30:4b:3f:4e:ee:e0:5f:72:36:3a:c7:54:13:ba:0e:0f:e4:
+         0b:b4:e4:2e:fa:61:36:f5:4b:35:47:a8:06:49:fa:9b:5f:c2:
+         a2:91:85:d9
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIJAON+70ZNyKOrMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD
+VQQLDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MR8wHQYJKoZIhvcN
+AQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDYyNzE5NTMyMFoXDTIxMDMyMzE5
+NTMyMFowfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
+B0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhv
+c3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O
+1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY
+lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt
+r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR
+CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN
+wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjGDAWMBQG
+A1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEANRpymWHAcAtf
+Emf6dPUBK9Jad5+Q3eQr2rfcApA1LUGr49ujaRIA58xxbrGBnXebL08KUQPXB0X+
+YX4f/LZZSTkKEXNjlKY+qNStHZP6X8/v+lIjh3vVulaUQqMFYbXlrcLSibIMhNEw
+1tdcKrcp8U25yn/hTP+sqRs3nUD6y1JF3h0p6mE4rMw5DUbu/4kPyoi48ShsLF9v
+wSdQ5TohvmMHp7m8iRj28qNdVlYYMs49pDgeP3I8EnD3g3RE78lp/p3sXOLUKW9z
+3xhDGJGh1913IkHy9zUdRzBLP07u4F9yNjrHVBO6Dg/kC7TkLvphNvVLNUeoBkn6
+m1/CopGF2Q==
+-----END CERTIFICATE-----

src/internal.c

@@ -9158,6 +9158,29 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 }
 
                 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) {
+                #ifndef WOLFSSL_ALLOW_NO_CN_IN_SAN
+                    /* Per RFC 5280 section 4.2.1.6, "Whenever such identities
+                     * are to be bound into a certificate, the subject
+                     * alternative name extension MUST be used." */
+                    if (args->dCert->altNames) {
+                        if (CheckAltNames(args->dCert,
+                                (char*)ssl->buffers.domainName.buffer) == 0 ) {
+                            WOLFSSL_MSG("DomainName match on alt names failed");
+                            /* try to get peer key still */
+                            ret = DOMAIN_NAME_MISMATCH;
+                        }
+                    }
+                    else {
+                        if (MatchDomainName(
+                                 args->dCert->subjectCN,
+                                 args->dCert->subjectCNLen,
+                                 (char*)ssl->buffers.domainName.buffer) == 0) {
+                            WOLFSSL_MSG("DomainName match on common name failed");
+                            ret = DOMAIN_NAME_MISMATCH;
+                        }
+                    }
+                #else /* WOLFSSL_ALL_NO_CN_IN_SAN */
+                    /* Old behavior. */
                     if (MatchDomainName(args->dCert->subjectCN,
                                 args->dCert->subjectCNLen,
                                 (char*)ssl->buffers.domainName.buffer) == 0) {
@@ -9170,6 +9193,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             ret = DOMAIN_NAME_MISMATCH;
                         }
                     }
+                #endif /* WOLFSSL_ALL_NO_CN_IN_SAN */
                 }
 
                 /* decode peer key */

tests/test-fails.conf

@@ -94,3 +94,17 @@
 # client ECC bad sig error
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
+
+# server missing CN from alternate names list
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-c ./certs/test/server-garbage.pem
+
+# client missing CN from alternate names list
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-h localhost
+-A ./certs/test/server-garbage.pem
+-m
+-X
+

tests/test.conf

@@ -2306,3 +2306,15 @@
 -A ./certs/test/server-goodaltwild.pem
 -m
 -C
+
+# server CN in alternate names list
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-c ./certs/test/server-localhost.pem
+
+# client CN in alternate names list
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+-h localhost
+-A ./certs/test/server-localhost.pem
+-m