Subject Alt Name Matching

1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exist, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.

Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.
John Safranek
2018-07-02 13:39:11 -07:00
parent 33b72a3dfe
commit adb3cc5a5a
8 changed files with 206 additions and 0 deletions
@@ -2306,3 +2306,15 @@
-A ./certs/test/server-goodaltwild.pem
-m
-C
# server CN in alternate names list
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-localhost.pem
# client CN in alternate names list
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-localhost.pem
-m
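Review bot: The two comments added at the end of this hunk ("server CN in alternate names list" / "client CN in alternate names list") do not state the expected result, and the pair covers only the matching case, run with `-h localhost` and `-A ./certs/test/server-localhost.pem`. Suggest extending the comment to say that this handshake must succeed. Since the commit message notes that building with WOLFSSL_ALLOW_NO_CN_IN_SAN changes the outcome of the garbage-certificate case, the comment beside that negative case should also say it assumes the option is not defined, so that a failure under that build is not mistaken for a regression in the name check.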