pxcloud/spice-common
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice-common synced 2025-12-30 18:00:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ssl-verify: Changed IPv4 hostname to IPv6

Browse Source 
Change inet_aton function to glib functions.

inet_aton only supported IPv4 addresses, and wasn't available on windows
machines. GInetAddress functions support IPv6 natively, and requires less
boilerplate code then IPv6 gettaddrinfo().
This commit is contained in:
Lukas Venhoda 2015-10-22 14:22:21 +02:00 committed by Fabiano Fidêncio
parent 9b74e47ed3
commit 9749e7ed14
1 changed files with 21 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
common/ssl_verify.c
View File

@ -31,19 +31,7 @@
#endif #endif
#include <ctype.h> #include <ctype.h>
#include <string.h> #include <string.h>
#include <gio/gio.h>
#ifdef WIN32
static int inet_aton(const char* ip, struct in_addr* in_addr)
{
unsigned long addr = inet_addr(ip);
if (addr == INADDR_NONE) {
return 0;
}
in_addr->S_un.S_addr = addr;
return 1;
}
#endif
static int verify_pubkey(X509* cert, const char *key, size_t key_size) static int verify_pubkey(X509* cert, const char *key, size_t key_size)
{ {
@ -202,20 +190,29 @@ static int verify_hostname(X509* cert, const char *hostname)
return 1; return 1;
} }
} else if (name->type == GEN_IPADD) { } else if (name->type == GEN_IPADD) {
struct in_addr addr; GInetAddress * alt_ip = NULL;
int addr_len = 0; GInetAddress * ip = NULL;
int alt_ip_len = ASN1_STRING_length(name->d.iPAddress); gchar * alt_ip_string = NULL;
const guint8 * ip_binary = NULL;
int alt_ip_len = 0;
int ip_len = 0;
found_dns_name = 1; found_dns_name = 1;
// only IpV4 supported ip = g_inet_address_new_from_string(hostname);
if (inet_aton(hostname, &addr)) { ip_len = g_inet_address_get_native_size(ip);
addr_len = sizeof(struct in_addr); ip_binary = g_inet_address_to_bytes(ip);
}
if ((addr_len == alt_ip_len)&& alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
!memcmp(ASN1_STRING_data(name->d.iPAddress), &addr, addr_len)) {
spice_debug("alt name IP match=%s", if ((ip_len == alt_ip_len) &&
inet_ntoa(*((struct in_addr*)ASN1_STRING_data(name->d.dNSName)))); (memcmp(ASN1_STRING_data(name->d.iPAddress), ip_binary, ip_len)) == 0) {
alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_data(name->d.iPAddress),
g_inet_address_get_family(ip));
alt_ip_string = g_inet_address_to_string(alt_ip);
spice_debug("alt name IP match=%s", alt_ip_string);
g_free(alt_ip_string);
GENERAL_NAMES_free(subject_alt_names); GENERAL_NAMES_free(subject_alt_names);
return 1; return 1;
} }