authorSpencer Jackson <spencer.jackson@mongodb.com>2015-08-31 17:29:35 -0400
committerRamon Fernandez <ramon.fernandez@mongodb.com>2015-09-23 18:30:34 -0400
commited7d08187adc2f84574e16b0c9149d886b6e14a6 (patch)
tree5079d513268e9ed30cbc64b00e3e20a6b0b9eca4
parent5da060573aebc32303b9ab72bbea7a552dcfcf06 (diff)
SERVER-17120 Check existance of CN in X509 subject
(cherry picked from commit fadaf9680288070439ed9a9ed4ed847a33209493)
-rw-r--r--src/mongo/util/net/ssl_manager.cpp13
1 files changed, 8 insertions, 5 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 4b48d303642..5caf871cb47 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -998,12 +998,15 @@ std::string SSLManager::parseAndValidatePeerCertificate(const SSLConnection* con
sk_GENERAL_NAME_pop_free(sanNames, GENERAL_NAME_free);
} else {
// If Subject Alternate Name (SAN) didn't exist, check Common Name (CN).
- int cnBegin = peerSubjectName.find("CN=") + 3;
- int cnEnd = peerSubjectName.find(",", cnBegin);
- std::string commonName = peerSubjectName.substr(cnBegin, cnEnd - cnBegin);
+ size_t cnBegin = peerSubjectName.find("CN=");
+ if (cnBegin != std::string::npos) {
+ size_t cnEnd = peerSubjectName.find(",", cnBegin);
+ if (cnEnd != std::string::npos) {
+ cnEnd = cnEnd - cnBegin;
+ }
+ std::string commonName = peerSubjectName.substr(cnBegin + 3, cnEnd);
- if (_hostNameMatch(remoteHost.c_str(), commonName.c_str())) {
- cnMatch = true;
+ cnMatch = _hostNameMatch(remoteHost.c_str(), commonName.c_str());
}
}
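Review bot: When a comma follows the CN, the length passed to `substr` is three characters too long, because `cnEnd - cnBegin` is measured from the start of `CN=` while the substring starts at `cnBegin + 3`; for a constructed subject such as `CN=host,OU=x`, `commonName` becomes `host,OU` and a legitimate peer would presumably fail the hostname check. Advancing the start first fixes it: put `cnBegin += 3;` directly after the `npos` check, so the existing `find(",", cnBegin)` and subtraction measure from the value, and call `substr(cnBegin, cnEnd)`. Separately, `find("CN=")` matches the first occurrence anywhere in the string, including inside another attribute's value, and a comma inside the CN value would truncate it. Since the result decides `cnMatch`, reading the attribute from the parsed name with `X509_NAME_get_index_by_NID(..., NID_commonName, ...)` would be more robust than searching the string form. The enclosing function starts and ends outside the hunk, so how `peerSubjectName` is built is not visible here.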