You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 lines
2.2 KiB
57 lines
2.2 KiB
/* Obtained from: https://github.com/iSECPartners/ssl-conservatory */
|
|
|
|
/*
|
|
Copyright (C) 2012, iSEC Partners.
|
|
|
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
this software and associated documentation files (the "Software"), to deal in
|
|
the Software without restriction, including without limitation the rights to
|
|
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
|
of the Software, and to permit persons to whom the Software is furnished to do
|
|
so, subject to the following conditions:
|
|
|
|
The above copyright notice and this permission notice shall be included in all
|
|
copies or substantial portions of the Software.
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
SOFTWARE.
|
|
*/
|
|
|
|
/*
|
|
* Helper functions to perform basic hostname validation using OpenSSL.
|
|
*
|
|
* Please read "everything-you-wanted-to-know-about-openssl.pdf" before
|
|
* attempting to use this code. This whitepaper describes how the code works,
|
|
* how it should be used, and what its limitations are.
|
|
*
|
|
* Author: Alban Diquet
|
|
* License: See LICENSE
|
|
*
|
|
*/
|
|
|
|
typedef enum {
|
|
MatchFound,
|
|
MatchNotFound,
|
|
NoSANPresent,
|
|
MalformedCertificate,
|
|
Error
|
|
} HostnameValidationResult;
|
|
|
|
/**
|
|
* Validates the server's identity by looking for the expected hostname in the
|
|
* server's certificate. As described in RFC 6125, it first tries to find a match
|
|
* in the Subject Alternative Name extension. If the extension is not present in
|
|
* the certificate, it checks the Common Name instead.
|
|
*
|
|
* Returns MatchFound if a match was found.
|
|
* Returns MatchNotFound if no matches were found.
|
|
* Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it.
|
|
* Returns Error if there was an error.
|
|
*/
|
|
HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert);
|