ssl-verify: Only check addr length when using IP addr

Only check the address length when connecting through an IP address.
It is not used when connecting through a DNS hostname.
Lukas Venhoda 2015-10-22 14:22:19 +02:00 committed by Fabiano Fidêncio
parent f7ec855af3
commit fb6904f528


@ -161,8 +161,6 @@ static int verify_hostname(X509* cert, const char *hostname)
{
GENERAL_NAMES* subject_alt_names;
int found_dns_name = 0;
struct in_addr addr;
int addr_len = 0;
int cn_match = 0;
X509_NAME* subject;
@ -173,11 +171,6 @@ static int verify_hostname(X509* cert, const char *hostname)
return 0;
}
// only IpV4 supported
if (inet_aton(hostname, &addr)) {
addr_len = sizeof(struct in_addr);
}
/* try matching against:
* 1) a DNS name as an alternative name (subjectAltName) extension
* in the certificate
@ -209,8 +202,16 @@ static int verify_hostname(X509* cert, const char *hostname)
return 1;
}
} else if (name->type == GEN_IPADD) {
struct in_addr addr;
int addr_len = 0;
int alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
found_dns_name = 1;
// only IpV4 supported
if (inet_aton(hostname, &addr)) {
addr_len = sizeof(struct in_addr);
}
if ((addr_len == alt_ip_len)&&
!memcmp(ASN1_STRING_data(name->d.iPAddress), &addr, addr_len)) {
spice_debug("alt name IP match=%s",