authorSimon Josefsson <simon@josefsson.org>2007-02-16 13:23:33 +0000
committerSimon Josefsson <simon@josefsson.org>2007-02-16 13:23:33 +0000
commit30dd07bfb37f329bdc4a18f238179c1a2ee5971b (patch)
tree93f7222cb70b962452d9c9bdd7f82548ad75a2fd
parent5d6ca18e2a83b31a4b7b07bbc2bc8330924ceafa (diff)
downloadgnutls-30dd07bfb37f329bdc4a18f238179c1a2ee5971b.tar.gz
Support iPAddress too. Doc fix.
-rw-r--r--lib/x509/rfc2818_hostname.c28
1 files changed, 18 insertions, 10 deletions
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index 5aa26b3a57..8ba419018c 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -75,13 +75,13 @@ _gnutls_hostname_compare (const char *certname, const char *hostname)
* @cert: should contain an gnutls_x509_crt_t structure
* @hostname: A null terminated string that contains a DNS name
*
- * This function will check if the given certificate's subject matches
- * the given hostname. This is a basic implementation of the matching
- * described in RFC2818 (HTTPS), which takes into account wildcards,
- * and the subject alternative name PKIX extension.
- *
- * Returns non zero on success, and zero on failure.
+ * This function will check if the given certificate's subject
+ * matches the given hostname. This is a basic implementation of the
+ * matching described in RFC2818 (HTTPS), which takes into account
+ * wildcards, and the DNSName/IPAddress subject alternative name PKIX
+ * extension.
*
+ * Returns non zero for a successful match, and zero on failure.
**/
int
gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const char *hostname)
@@ -123,19 +123,27 @@ gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const char *hostname)
return 1;
}
}
+ else if (ret == GNUTLS_SAN_IPADDRESS)
+ {
+ found_dnsname = 1; /* RFC 2818 is unclear whether the CN
+ should be compared for IP addresses
+ too, but we won't do it. */
+ if (_gnutls_hostname_compare (dnsname, hostname))
+ {
+ return 1;
+ }
+ }
}
- /* XXX also check iPAddress. */
-
if (!found_dnsname)
{
- /* not got the necessary extension, use CN instead
+ /* not got the necessary extension, use CN instead
*/
dnsnamesize = sizeof (dnsname);
if (gnutls_x509_crt_get_dn_by_oid (cert, OID_X520_COMMON_NAME, 0,
0, dnsname, &dnsnamesize) < 0)
{
- /* got an error, can't find a name
+ /* got an error, can't find a name
*/
return 0;
}
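Review bot: In the new `GNUTLS_SAN_IPADDRESS` branch, `_gnutls_hostname_compare (dnsname, hostname)` treats the SAN value as a C string, but an iPAddress entry is stored in the certificate as raw octets (4 for IPv4, 16 for IPv6). The branch is therefore only correct if the call that fills `dnsname` converts the value to text; that call is outside the hunk, so I cannot confirm it does. If the buffer holds raw octets, a textual address from the caller will not match, an address containing a zero byte cuts the string comparison short, and the wildcard handling meant for DNS names is applied to binary data. I would parse `hostname` into binary form and compare exact bytes against the returned length, as sketched below; the sketch assumes `dnsnamesize` holds that length at this point. Separately, `found_dnsname` now also covers IP entries, and the `@hostname` line in the first hunk still says "a DNS name"; both could be updated to mention IP addresses and the textual form expected.

```c
      else if (ret == GNUTLS_SAN_IPADDRESS)
        {
          unsigned char addr[16];
          size_t addrlen = 0;

          /* … unchanged: found_dnsname = 1 and its RFC 2818 comment … */

          /* iPAddress is raw octets: convert the caller's string and
             compare bytes exactly, with no wildcard handling. */
          if (inet_pton (AF_INET, hostname, addr) == 1)
            addrlen = 4;
          else if (inet_pton (AF_INET6, hostname, addr) == 1)
            addrlen = 16;

          if (addrlen != 0 && dnsnamesize == addrlen
              && memcmp (dnsname, addr, addrlen) == 0)
            {
              return 1;
            }
        }
```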