From 51c160b7d279f2b93b5318f23ce091fd42ef3230 Mon Sep 17 00:00:00 2001 From: Simon Josefsson Date: Tue, 26 Feb 2008 12:18:59 +0100 Subject: Move rfc2818.h hostname comparison to gnutls_str.h and update callers. --- doc/reference/Makefile.am | 2 +- lib/gnutls_str.c | 45 ++++++++++++++++++++++++++++++++++++++++++++- lib/gnutls_str.h | 5 ++++- lib/openpgp/pgp.c | 2 +- lib/x509/Makefile.am | 2 +- lib/x509/rfc2818.h | 26 -------------------------- lib/x509/rfc2818_hostname.c | 44 +------------------------------------------- 7 files changed, 52 insertions(+), 74 deletions(-) delete mode 100644 lib/x509/rfc2818.h diff --git a/doc/reference/Makefile.am b/doc/reference/Makefile.am index dfcc0f69c4..903ddff98e 100644 --- a/doc/reference/Makefile.am +++ b/doc/reference/Makefile.am @@ -68,7 +68,7 @@ IGNORE_HFILES=debug.h gnutls_compress.h defines.h gnutls_cipher.h \ der.h errors.h gstr.h parser_aux.h element.h \ errors_int.h int.h mem.h structure.h \ \ - common.h mpi.h rfc2818.h compat.h \ + common.h mpi.h compat.h \ \ gnutls_extra.h openssl_compat.h \ \ diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index 5bf13042c7..1002abfd96 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2002, 2004, 2005, 2007 Free Software Foundation + * Copyright (C) 2002, 2004, 2005, 2007, 2008 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * 
@@ -314,3 +314,46 @@ _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, return 0; } + + +/* compare hostname against certificate, taking account of wildcards + * return 1 on success or 0 on error + */ +int +_gnutls_hostname_compare (const char *certname, const char *hostname) +{ + const char *cmpstr1, *cmpstr2; + + if (strlen (certname) == 0 || strlen (hostname) == 0) + return 0; + + if (strlen (certname) > 2 && strncmp (certname, "*.", 2) == 0) + { + /* a wildcard certificate */ + + cmpstr1 = certname + 1; + + /* find the first dot in hostname, compare from there on */ + cmpstr2 = strchr (hostname, '.'); + + if (cmpstr2 == NULL) + { + /* error, the hostname we're connecting to is only a local part */ + return 0; + } + + if (strcasecmp (cmpstr1, cmpstr2) == 0) + { + return 1; + } + + return 0; + } + + if (strcasecmp (certname, hostname) == 0) + { + return 1; + } + + return 0; +} diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h index 0800cf15fa..e988fad67a 100644 --- a/lib/gnutls_str.h +++ b/lib/gnutls_str.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation + * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * @@ -62,4 +62,7 @@ char *_gnutls_bin2hex (const void *old, size_t oldlen, char *buffer, int _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, size_t * bin_size); +int _gnutls_hostname_compare (const char *certname, const char *hostname); +#define MAX_CN 256 + #endif diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index 74513345c4..43f11b84a5 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -27,7 +27,7 @@ #include #include #include -#include +#include #include /** diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am index 84bf00b227..b8ee0080b6 100644 --- a/lib/x509/Makefile.am +++ b/lib/x509/Makefile.am 
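Review bot: The wildcard branch of `_gnutls_hostname_compare` accepts more than one non-empty leftmost label. A hostname that begins with a dot satisfies `strchr (hostname, '.')` at offset 0, and a pattern such as `*.com` passes the `strlen (certname) > 2` test because nothing checks how many labels follow the `*.`. Since the helper is now declared in gnutls_str.h for callers beyond the X.509 code, I would tighten the guard to `if (cmpstr2 == NULL || cmpstr2 == hostname) return 0;` and, if single-label suffixes are not meant to match, also refuse patterns where `strchr (certname + 2, '.') == NULL`. Both arguments are plain C strings passed straight to `strlen`, so a name with an embedded NUL is compared only up to that byte and a NULL pointer is dereferenced; the comment above the function should state that callers must rule out both before calling. The callers are outside this hunk, so whether they already do so cannot be seen here.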
@@ -32,7 +32,7 @@ libgnutls_x509_la_SOURCES = crl.c dn.c common.c x509.c extensions.c \ dsa.c rfc2818_hostname.c verify.c mpi.c privkey.c pkcs7.c \ crq.c sign.c privkey_pkcs8.c pkcs12.c pkcs12_bag.c \ pkcs12_encr.c x509_write.c crl_write.c common.h x509_int.h \ - mpi.h pkcs12.h rfc2818.h output.c + mpi.h pkcs12.h output.c EXTRA_DIST = x509-api.texi diff --git a/lib/x509/rfc2818.h b/lib/x509/rfc2818.h deleted file mode 100644 index c339914527..0000000000 --- a/lib/x509/rfc2818.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int _gnutls_hostname_compare (const char *certname, const char *hostname); -#define MAX_CN 256 diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c index 9742f4153f..eeac3454f8 100644 --- a/lib/x509/rfc2818_hostname.c +++ b/lib/x509/rfc2818_hostname.c 
@@ -22,53 +22,11 @@ */ #include +#include #include #include -#include #include -/* compare hostname against certificate, taking account of wildcards - * return 1 on success or 0 on error - */ -int -_gnutls_hostname_compare (const char *certname, const char *hostname) -{ - const char *cmpstr1, *cmpstr2; - - if (strlen (certname) == 0 || strlen (hostname) == 0) - return 0; - - if (strlen (certname) > 2 && strncmp (certname, "*.", 2) == 0) - { - /* a wildcard certificate */ - - cmpstr1 = certname + 1; - - /* find the first dot in hostname, compare from there on */ - cmpstr2 = strchr (hostname, '.'); - - if (cmpstr2 == NULL) - { - /* error, the hostname we're connecting to is only a local part */ - return 0; - } - - if (strcasecmp (cmpstr1, cmpstr2) == 0) - { - return 1; - } - - return 0; - } - - if (strcasecmp (certname, hostname) == 0) - { - return 1; - } - - return 0; -} - /** * gnutls_x509_crt_check_hostname - This function compares the given hostname with the hostname in the certificate * @cert: should contain an gnutls_x509_crt_t structure -- cgit v1.2.1