From 311d4992f2053cf7fe37754e724b5f2bfaf7bd19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Mon, 25 Jun 2007 14:37:15 +0000
Subject: [PATCH] Match is first component is in a CN=.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21294 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cert.c | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c
index 35c97d806..64eea3134 100644
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -220,7 +220,7 @@ hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)

 int
 hx509_cert_init_data(hx509_context context,
- const void *ptr,
+ const void *ptr,
 size_t len,
 hx509_cert *cert)
 {
@@ -1916,6 +1916,35 @@ hx509_verify_hostname(hx509_context context,
 free_GeneralNames(&san);
 } while (1);

+ {
+ Name *name = &cert->data->tbsCertificate.subject;
+
+ /* match if first component is a CN= */
+ if (name->u.rdnSequence.len > 0
+ && name->u.rdnSequence.val[0].len == 1
+ && der_heim_oid_cmp(&name->u.rdnSequence.val[0].val[0].type,
+ oid_id_at_commonName()) == 0)
+ {
+ DirectoryString *ds = &name->u.rdnSequence.val[0].val[0].value;
+
+ switch (ds->element) {
+ case choice_DirectoryString_printableString:
+ if (strcasecmp(ds->u.printableString, hostname) == 0)
+ return 0;
+ break;
+ case choice_DirectoryString_ia5String:
+ if (strcasecmp(ds->u.ia5String, hostname) == 0)
+ return 0;
+ break;
+ case choice_DirectoryString_utf8String:
+ if (strcasecmp(ds->u.utf8String, hostname) == 0)
+ return 0;
+ default:
+ break;
+ }
+ }
+ }
+
 if ((flags & HX509_VHN_F_ALLOW_NO_MATCH) == 0)
 ret = HX509_NAME_CONSTRAINT_ERROR;
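Review bot: The CN fallback added after the subjectAltName loop in hx509_verify_hostname runs unconditionally, so a certificate whose SAN entries do not cover `hostname` can still be accepted on its subject CN; RFC 2818 only consults the CN when no dNSName SAN is present. The loop body is outside this hunk, so I cannot see whether it records that a dNSName was found, but nothing in the new block checks for one; I would track that in the loop and skip the block when it is set. Separately, `strcasecmp` treats the decoded value as a C string and stops at the first NUL, so the match is only sound if the decoder rejects string values with embedded NULs, which is worth confirming or replacing with a length-aware compare. The `choice_DirectoryString_utf8String` case also falls through into `default:` without a `break;`; it is harmless as written but should be explicit like the other two cases.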