diff options
| author | Dan Gudmundsson <dgud@erlang.org> | 2021-03-15 10:05:31 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-15 10:05:31 +0100 |
| commit | 204a214189323656fa112c89a47065c3dc21deca (patch) | |
| tree | ff37f405cf3f7c2109f763ee61106c0131228fe7 | |
| parent | 5435d74172b13cf787a8c3759f436621c62a0f9f (diff) | |
| parent | 0e34f6aab2a96a4efc1fca1df4e905925d3c6130 (diff) | |
| download | erlang-204a214189323656fa112c89a47065c3dc21deca.tar.gz | |
Merge pull request #4611 from dgud/dgud/public_key/case-insensitiv-hostname/GH-4500/OTP-17242
Make hostname check case insensitive
| -rw-r--r-- | lib/public_key/src/public_key.erl | 4 | ||||
| -rw-r--r-- | lib/public_key/test/public_key_SUITE.erl | 18 |
2 files changed, 12 insertions, 10 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 4176fce978..597aca35d5 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -1815,8 +1815,8 @@ verify_hostname_match_default0(_, _) -> verify_hostname_match_wildcard(FQDN, Name) -> - [F1|Fs] = string:tokens(FQDN, "."), - [N1|Ns] = string:tokens(Name, "."), + [F1|Fs] = string:tokens(to_lower_ascii(FQDN), "."), + [N1|Ns] = string:tokens(to_lower_ascii(Name), "."), match_wild(F1,N1) andalso Fs==Ns. diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index 438924375c..348e0daa62 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl @@ -800,24 +800,26 @@ pkix_verify_hostname_subjAltName(Config) -> %% Check that a dns_id matches a DNS subjAltName: true = public_key:pkix_verify_hostname(Cert, [{dns_id,"kb.example.org"}]), + true = public_key:pkix_verify_hostname(Cert, [{dns_id,"KB.EXAMPLE.ORG"}]), %% Check that a dns_id does not match a DNS subjAltName wiht wildcard false = public_key:pkix_verify_hostname(Cert, [{dns_id,"other.example.org"}]), %% Check that a dns_id does match a DNS subjAltName wiht wildcard with matchfun - true = public_key:pkix_verify_hostname(Cert, [{dns_id,"other.example.org"}], - [{match_fun, public_key:pkix_verify_hostname_match_fun(https)} - ] - ), + MatchFun = {match_fun, public_key:pkix_verify_hostname_match_fun(https)}, + true = public_key:pkix_verify_hostname(Cert, [{dns_id,"other.example.org"}], [MatchFun]), + true = public_key:pkix_verify_hostname(Cert, [{dns_id,"OTHER.EXAMPLE.ORG"}], [MatchFun]), %% Check that a uri_id does not match a DNS subjAltName wiht wildcard false = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://other.example.org"}]), + false = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://OTHER.EXAMPLE.ORG"}]), %% Check that a dns_id does match a DNS subjAltName wiht wildcard with matchfun - true = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://other.example.org"}], - [{match_fun, public_key:pkix_verify_hostname_match_fun(https)} - ] - ). + true = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://other.example.org"}], [MatchFun]), + true = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://OTHER.EXAMPLE.ORG"}], [MatchFun]), + true = public_key:pkix_verify_hostname(Cert, [{uri_id,"https://OTHER.example.org"}], [MatchFun]), + + ok. %%-------------------------------------------------------------------- %% Uses the pem-file for pkix_verify_hostname_cn |