oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Find first CN= in the name, and try to match the hostname on that

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25143 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-04-27 02:18:44 +00:00
parent 5e4d0f8798
commit b7064afbcf
1 changed files with 23 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
lib/hx509/cert.c
View File

@@ -2360,6 +2360,7 @@ hx509_verify_hostname(hx509_context context,
/* XXX krb5_socklen_t */ int sa_size) /* XXX krb5_socklen_t */ int sa_size)
{ {
GeneralNames san; GeneralNames san;
const Name *name;
int ret, i, j; int ret, i, j;
if (sa && sa_size <= 0) if (sa && sa_size <= 0)
@@ -2391,31 +2392,31 @@ hx509_verify_hostname(hx509_context context,
free_GeneralNames(&san); free_GeneralNames(&san);
} while (1); } while (1);
{ name = &cert->data->tbsCertificate.subject;
const Name *name = &cert->data->tbsCertificate.subject;
/* match if first component is a CN= */ /* Find first CN= in the name, and try to match the hostname on that */
if (name->u.rdnSequence.len > 0 for (ret = 0, i = name->u.rdnSequence.len - 1; ret == 0 && i >= 0; i--) {
&& name->u.rdnSequence.val[0].len == 1 for (j = 0; ret == 0 && j < name->u.rdnSequence.val[i].len; j++) {
&& der_heim_oid_cmp(&name->u.rdnSequence.val[0].val[0].type, AttributeTypeAndValue *n = &name->u.rdnSequence.val[i].val[j];
oid_id_at_commonName()) == 0)
{
DirectoryString *ds = &name->u.rdnSequence.val[0].val[0].value;
switch (ds->element) { if (der_heim_oid_cmp(&n->type, oid_id_at_commonName()) == 0) {
case choice_DirectoryString_printableString: DirectoryString *ds = &n->value;
if (strcasecmp(ds->u.printableString, hostname) == 0) switch (ds->element) {
case choice_DirectoryString_printableString:
if (strcasecmp(ds->u.printableString, hostname) == 0)
return 0;
break;
case choice_DirectoryString_ia5String:
if (strcasecmp(ds->u.ia5String, hostname) == 0)
return 0; return 0;
break; break;
case choice_DirectoryString_ia5String: case choice_DirectoryString_utf8String:
if (strcasecmp(ds->u.ia5String, hostname) == 0) if (strcasecmp(ds->u.utf8String, hostname) == 0)
return 0; return 0;
break; default:
case choice_DirectoryString_utf8String: break;
if (strcasecmp(ds->u.utf8String, hostname) == 0) }
return 0; ret = HX509_NAME_CONSTRAINT_ERROR;
default:
break;
} }
} }
} }