X509Certificate::verify(): use OpenSSL X509_check_host() and X509_check_ip_asc() if available

Günter Obiltschnig 2018-03-05 22:17:31 +01:00
parent 451f05121e
commit 8dc4223acb


@ -82,6 +82,7 @@ bool X509Certificate::verify(const std::string& hostName) const
bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, const std::string& hostName)
{
#if OPENSSL_VERSION_NUMBER < 0x10002000L
std::string commonName;
std::set<std::string> dnsNames;
certificate.extractNames(commonName, dnsNames);
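Review bot: The added `#if OPENSSL_VERSION_NUMBER < 0x10002000L` guard selects the new branch on version number alone, and LibreSSL reports `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so every LibreSSL build takes the `#else` path whether or not its headers declare `X509_check_host()`. If LibreSSL is a supported backend, confirm the minimum version that provides both functions and extend the guard accordingly, e.g. with a `LIBRESSL_VERSION_NUMBER` test. The hunk does not show the includes, so it is also worth checking that `<openssl/x509v3.h>` is pulled in, since that header declares both functions.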
@ -131,6 +132,21 @@ bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, c
}
}
return ok;
#else
if (X509_check_host(const_cast<X509*>(certificate.certificate()), hostName.c_str(), hostName.length(), 0, NULL) == 1)
{
return true;
}
else
{
IPAddress ip;
if (IPAddress::tryParse(hostName, ip))
{
return (X509_check_ip_asc(const_cast<X509*>(certificate.certificate()), hostName.c_str(), 0) == 1);
}
}
return false;
#endif
}
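Review bot: The `X509_check_host()` call passes `hostName` through unvalidated with flags `0`, and OpenSSL documents that a name starting with a dot (e.g. `.example.com`) is matched by a certificate valid for any sub-domain of it, so a leading-dot name would verify more broadly than an exact host match. If `hostName` can come from configuration or user input, reject it up front with `if (hostName.empty() || hostName[0] == '.') return false;` before the call. A short comment such as `// flags 0: OpenSSL default policy (wildcards allowed, CN used only when no DNS SAN is present)` would also record that the matching rules on this branch are OpenSSL's and may differ from the pre-1.0.2 code above. The function begins in the previous hunk, so the old branch is only partly visible here.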