github
/
aria2
mirror of https://github.com/aria2/aria2
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove trailing "." from SAN and CN

pull/641/head
Tatsuhiro Tsujikawa 2016-04-21 23:02:58 +09:00
parent 3bb2946437
commit aab2472390
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/LibgnutlsTLSSession.cc
View File

@ -313,6 +313,17 @@ int GnuTLSSession::tlsConnect(const std::string& hostname, TLSVersion& version,
ret = gnutls_x509_crt_get_subject_alt_name(cert, i, altName, &altNameLen, ret = gnutls_x509_crt_get_subject_alt_name(cert, i, altName, &altNameLen,
nullptr); nullptr);
if (ret == GNUTLS_SAN_DNSNAME) { if (ret == GNUTLS_SAN_DNSNAME) {
if (altNameLen == 0) {
continue;
}
if (altName[altNameLen - 1] == '.') {
--altNameLen;
if (altNameLen == 0) {
continue;
}
}
dnsNames.push_back(std::string(altName, altNameLen)); dnsNames.push_back(std::string(altName, altNameLen));
} }
else if (ret == GNUTLS_SAN_IPADDRESS) { else if (ret == GNUTLS_SAN_IPADDRESS) {
@ -323,7 +334,14 @@ int GnuTLSSession::tlsConnect(const std::string& hostname, TLSVersion& version,
ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
altName, &altNameLen); altName, &altNameLen);
if (ret == 0) { if (ret == 0) {
commonName.assign(altName, altNameLen); if (altNameLen > 0) {
if (altName[altNameLen - 1] == '.') {
--altNameLen;
if (altNameLen > 0) {
commonName.assign(altName, altNameLen);
}
}
}
} }
if (!net::verifyHostname(hostname, dnsNames, ipAddrs, commonName)) { if (!net::verifyHostname(hostname, dnsNames, ipAddrs, commonName)) {
handshakeErr = "hostname does not match"; handshakeErr = "hostname does not match";

20
src/LibsslTLSSession.cc
View File

@ -259,6 +259,15 @@ int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
continue; continue;
} }
size_t len = ASN1_STRING_length(altName->d.ia5); size_t len = ASN1_STRING_length(altName->d.ia5);
if (len == 0) {
continue;
}
if (name[len - 1] == '.') {
--len;
if (len == 0) {
continue;
}
}
dnsNames.push_back(std::string(name, len)); dnsNames.push_back(std::string(name, len));
} }
else if (altName->type == GEN_IPADD) { else if (altName->type == GEN_IPADD) {
@ -290,6 +299,17 @@ int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
if (outlen < 0) { if (outlen < 0) {
continue; continue;
} }
if (outlen == 0) {
OPENSSL_free(out);
continue;
}
if (out[outlen - 1] == '.') {
--outlen;
if (outlen == 0) {
OPENSSL_free(out);
continue;
}
}
commonName.assign(&out[0], &out[outlen]); commonName.assign(&out[0], &out[outlen]);
OPENSSL_free(out); OPENSSL_free(out);
break; break;