Remove trailing "." from SAN and CN

pull/641/head
Tatsuhiro Tsujikawa 2016-04-21 23:02:58 +09:00
parent 3bb2946437
commit aab2472390
2 changed files with 39 additions and 1 deletions


@ -313,6 +313,17 @@ int GnuTLSSession::tlsConnect(const std::string& hostname, TLSVersion& version,
ret = gnutls_x509_crt_get_subject_alt_name(cert, i, altName, &altNameLen,
nullptr);
if (ret == GNUTLS_SAN_DNSNAME) {
if (altNameLen == 0) {
continue;
}
if (altName[altNameLen - 1] == '.') {
--altNameLen;
if (altNameLen == 0) {
continue;
}
}
dnsNames.push_back(std::string(altName, altNameLen));
}
else if (ret == GNUTLS_SAN_IPADDRESS) {
@ -323,8 +334,15 @@ int GnuTLSSession::tlsConnect(const std::string& hostname, TLSVersion& version,
ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
altName, &altNameLen);
if (ret == 0) {
if (altNameLen > 0) {
if (altName[altNameLen - 1] == '.') {
--altNameLen;
if (altNameLen > 0) {
commonName.assign(altName, altNameLen);
}
}
}
}
if (!net::verifyHostname(hostname, dnsNames, ipAddrs, commonName)) {
handshakeErr = "hostname does not match";
return TLS_ERR_ERROR;
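Review bot: In the CN branch of the second hunk, `commonName.assign(altName, altNameLen);` sits inside `if (altName[altNameLen - 1] == '.')`, so a common name that does not end in a dot is never copied and `commonName` is still unset when `net::verifyHostname` runs. Judging from the visible lines, a certificate that carries its name only in the CN would then fail hostname verification; that fails closed, but it rejects valid peers and pushes users towards turning verification off. The SAN hunk above strips the dot and then uses the name in either case, and this branch should have the same shape. tlsConnect starts and ends outside the hunk.

```cpp
if (ret == 0 && altNameLen > 0) {
  // Drop one trailing "." but keep the name whether or not it had one.
  if (altName[altNameLen - 1] == '.') {
    --altNameLen;
  }
  if (altNameLen > 0) {
    commonName.assign(altName, altNameLen);
  }
}
// … unchanged: net::verifyHostname check and error return …
```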


@ -259,6 +259,15 @@ int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
continue;
}
size_t len = ASN1_STRING_length(altName->d.ia5);
if (len == 0) {
continue;
}
if (name[len - 1] == '.') {
--len;
if (len == 0) {
continue;
}
}
dnsNames.push_back(std::string(name, len));
}
else if (altName->type == GEN_IPADD) {
@ -290,6 +299,17 @@ int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
if (outlen < 0) {
continue;
}
if (outlen == 0) {
OPENSSL_free(out);
continue;
}
if (out[outlen - 1] == '.') {
--outlen;
if (outlen == 0) {
OPENSSL_free(out);
continue;
}
}
commonName.assign(&out[0], &out[outlen]);
OPENSSL_free(out);
break;
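Review bot: The CN hunk adds two more early exits that each have to remember `OPENSSL_free(out)`, one for `outlen == 0` before the dot is stripped and one after, and the SAN hunk doubles its zero-length test in the same way. Stripping the dot first and testing the length once leaves a single free on the skip path, which makes a later leak on a new exit less likely. A short comment such as `// A trailing "." only marks the name as fully qualified; drop it before comparison.` would also record why the byte is removed. The enclosing loop and tlsConnect start and end outside the hunk.

```cpp
// … unchanged: outlen < 0 check …
if (outlen > 0 && out[outlen - 1] == '.') {
  --outlen;
}
if (outlen == 0) {
  OPENSSL_free(out);
  continue;
}
// … unchanged: commonName.assign, OPENSSL_free(out), break …
```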