mirror of
				https://github.com/pocoproject/poco.git
				synced 2025-10-20 22:31:31 +02:00 
			
		
		
		
	X509Certificate::verify(): use OpenSSL X509_check_host() and X509_check_ip_asc() if available
This commit is contained in:
		| @@ -82,6 +82,7 @@ bool X509Certificate::verify(const std::string& hostName) const | ||||
|  | ||||
| bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, const std::string& hostName) | ||||
| {		 | ||||
| #if OPENSSL_VERSION_NUMBER < 0x10002000L | ||||
| 	std::string commonName; | ||||
| 	std::set<std::string> dnsNames; | ||||
| 	certificate.extractNames(commonName, dnsNames); | ||||
| @@ -131,6 +132,21 @@ bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, c | ||||
| 		} | ||||
| 	} | ||||
| 	return ok; | ||||
| #else | ||||
| 	if (X509_check_host(const_cast<X509*>(certificate.certificate()), hostName.c_str(), hostName.length(), 0, NULL) == 1) | ||||
| 	{ | ||||
| 		return true; | ||||
| 	} | ||||
| 	else | ||||
| 	{ | ||||
| 		IPAddress ip; | ||||
| 		if (IPAddress::tryParse(hostName, ip)) | ||||
| 		{ | ||||
| 		    return (X509_check_ip_asc(const_cast<X509*>(certificate.certificate()), hostName.c_str(), 0) == 1); | ||||
| 		} | ||||
| 	} | ||||
| 	return false; | ||||
| #endif | ||||
| } | ||||
|  | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Günter Obiltschnig
					Günter Obiltschnig