If openssl > 1.0.2, use it to verify hostnames against certificates, with test (#1885)

Conor Burgess
2017-09-13 15:32:52 +01:00
committed by Aleksandar Fabijanic
parent 33bc8b5011
commit 16414e4fbf
34 changed files with 578 additions and 6 deletions


@@ -5,7 +5,7 @@
// Package: SSLCore
// Module: X509Certificate
//
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// Copyright (c) 2006-2017, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
@@ -81,7 +81,8 @@ bool X509Certificate::verify(const std::string& hostName) const
bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, const std::string& hostName)
{
{
#if OPENSSL_VERSION_NUMBER < 0x10002000L
std::string commonName;
std::set<std::string> dnsNames;
certificate.extractNames(commonName, dnsNames);
@@ -131,6 +132,21 @@ bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, c
}
}
return ok;
#else
if (X509_check_host(const_cast<X509*>(certificate.certificate()), hostName.c_str(), hostName.length(), 0, NULL) == 1)
{
return true;
}
else
{
IPAddress ip;
if (IPAddress::tryParse(hostName, ip))
{
return (X509_check_ip_asc(const_cast<X509*>(certificate.certificate()), hostName.c_str(), 0) == 1);
}
}
return false;
#endif
}
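Review bot: In the new `#else` branch of `X509Certificate::verify`, an IP-literal `hostName` is handed to `X509_check_host` first, so it is compared against the certificate's dNSName entries (and, when there are none, the subject CN) before the iPAddress SAN check is reached. A certificate that only carries the address as text in a DNS name or CN would then be accepted; if IP peers should match iPAddress SANs only, call `IPAddress::tryParse(hostName, ip)` first and return the `X509_check_ip_asc(...) == 1` result for literals, keeping `X509_check_host` for real host names. The flags argument is `0`, which also allows partial wildcards such as `f*.example.com`; `X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS` is worth considering. The `#if` branch is only partly visible here, so whether the two branches agree on wildcard and IP handling cannot be checked from this hunk; a short comment above the `#if` stating the intended matching rules would help.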