diff --git a/src/SocketCore.cc b/src/SocketCore.cc
index aeac675f..823d302a 100644
--- a/src/SocketCore.cc
+++ b/src/SocketCore.cc
@@ -1330,16 +1330,15 @@ bool verifyHostname(const std::string& hostname,
 const std::string& commonName)
 {
 if(util::isNumericHost(hostname)) {
+ if(ipAddrs.empty()) {
+ return commonName == hostname;
+ }
 // We need max 16 bytes to store IPv6 address.
 unsigned char binAddr[16];
 size_t addrLen = getBinAddr(binAddr, hostname);
 if(addrLen == 0) {
 return false;
 }
- if(ipAddrs.empty()) {
- return addrLen == commonName.size() &&
- memcmp(binAddr, commonName.c_str(), addrLen) == 0;
- }
 for(std::vector::const_iterator i = ipAddrs.begin(),
 eoi = ipAddrs.end(); i != eoi; ++i) {
 if(addrLen == (*i).size() &&
diff --git a/test/SocketCoreTest.cc b/test/SocketCoreTest.cc
index 9422fbad..3702f37b 100644
--- a/test/SocketCoreTest.cc
+++ b/test/SocketCoreTest.cc
@@ -16,6 +16,7 @@ class SocketCoreTest:public CppUnit::TestFixture {
 CPPUNIT_TEST(testGetSocketError);
 CPPUNIT_TEST(testInetNtop);
 CPPUNIT_TEST(testGetBinAddr);
+ CPPUNIT_TEST(testVerifyHostname);
 CPPUNIT_TEST_SUITE_END();
 public:
 void setUp() {}
@@ -26,6 +27,7 @@ public:
 void testGetSocketError();
 void testInetNtop();
 void testGetBinAddr();
+ void testVerifyHostname();
 };
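Review bot: The commonName fallback added at the top of the numeric-host branch of verifyHostname (src/SocketCore.cc) is an exact string match, so a CN that spells the same IPv6 address in another textual form (expanded zeros, different hex case) is rejected; that fails closed, but it should be stated in a comment, e.g. `// CN fallback is a textual match; iPAddress entries are compared in binary form below`. The fallback is also taken whenever `ipAddrs` is empty, even when the certificate carries dNSName entries, so a CN is still consulted for a certificate that does have a subjectAltName. If CN is meant to be a last resort only, the guard could be `if(ipAddrs.empty() && dnsNames.empty()) {`, assuming the dNSName list parameter is named `dnsNames` as in the test; the signature and the rest of the function lie outside this hunk, so what happens after the loop is not visible here.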
@@ -123,4 +125,88 @@ void SocketCoreTest::testGetBinAddr()
 CPPUNIT_ASSERT_EQUAL((size_t)0, net::getBinAddr(dest, "localhost"));
 }
+void SocketCoreTest::testVerifyHostname()
+{
+ {
+ std::vector dnsNames, ipAddrs;
+ std::string commonName;
+ CPPUNIT_ASSERT(!net::verifyHostname("example.org",
+ dnsNames, ipAddrs, commonName));
+ }
+ {
+ // Only commonName is provided
+ std::vector dnsNames, ipAddrs;
+ std::string commonName = "example.org";
+ CPPUNIT_ASSERT(net::verifyHostname("example.org",
+ dnsNames, ipAddrs, commonName));
+ }
+ {
+ // Match against dNSName in subjectAltName
+ std::vector dnsNames, ipAddrs;
+ dnsNames.push_back("foo");
+ dnsNames.push_back("example.org");
+ std::string commonName = "exampleX.org";
+ CPPUNIT_ASSERT(net::verifyHostname("example.org",
+ dnsNames, ipAddrs, commonName));
+ }
+ {
+ // If dNsName is provided, don't match with commonName
+ std::vector dnsNames, ipAddrs;
+ dnsNames.push_back("foo");
+ dnsNames.push_back("exampleX.org");
+ ipAddrs.push_back("example.org");
+ std::string commonName = "example.org";
+ CPPUNIT_ASSERT(!net::verifyHostname("example.org",
+ dnsNames, ipAddrs, commonName));
+ }
+ {
+ // IPAddress in dnsName don't match.
+ std::vector dnsNames, ipAddrs;
+ dnsNames.push_back("192.168.0.1");
+ std::string commonName = "example.org";
+ CPPUNIT_ASSERT(!net::verifyHostname("192.168.0.1",
+ dnsNames, ipAddrs, commonName));
+ }
+ {
+ // IPAddress string match with commonName
+ std::vector dnsNames, ipAddrs;
+ std::string commonName = "192.168.0.1";
+ CPPUNIT_ASSERT(net::verifyHostname("192.168.0.1",
+ dnsNames, ipAddrs, commonName));
+ }
+ {
+ // Match against iPAddress in subjectAltName
+ std::vector dnsNames, ipAddrs;
+ unsigned char binAddr[16];
+ size_t len;
+ len = net::getBinAddr(binAddr, "192.168.0.1");
+ ipAddrs.push_back(std::string(binAddr, binAddr+len));
+ std::string commonName = "example.org";
+ CPPUNIT_ASSERT(net::verifyHostname("192.168.0.1",
+ dnsNames, ipAddrs, commonName));
+ }
+ {
+ // Match against iPAddress (ipv6) in subjectAltName
+ std::vector dnsNames, ipAddrs;
+ unsigned char binAddr[16];
+ size_t len;
+ len = net::getBinAddr(binAddr, "::1");
+ ipAddrs.push_back(std::string(binAddr, binAddr+len));
+ std::string commonName = "example.org";
+ CPPUNIT_ASSERT(net::verifyHostname("::1",
+ dnsNames, ipAddrs, commonName));
+ }
+ {
+ // If iPAddress is privided, don't match with commonName
+ std::vector dnsNames, ipAddrs;
+ unsigned char binAddr[16];
+ size_t len;
+ len = net::getBinAddr(binAddr, "192.168.0.2");
+ ipAddrs.push_back(std::string(binAddr, binAddr+len));
+ std::string commonName = "192.168.0.1";
+ CPPUNIT_ASSERT(!net::verifyHostname("192.168.0.1",
+ dnsNames, ipAddrs, commonName));
+ }
+}
+
 } // namespace aria2
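Review bot: testVerifyHostname has no case that pins the length-aware behaviour of the new commonName comparison: nothing checks that a CN carrying extra bytes after an embedded NUL is rejected, which is the property that separates `commonName == hostname` on std::string from a C-string compare. A constructed case such as `std::string commonName = std::string("192.168.0.1") + '\0' + "x";` followed by `CPPUNIT_ASSERT(!net::verifyHostname("192.168.0.1", dnsNames, ipAddrs, commonName));` would guard it, and the same shape is worth adding for a dNSName entry. IPv6 is exercised only through an iPAddress entry, so a CN-only `::1` block would document how the textual fallback treats IPv6 literals. The comment in the last block should read "provided" rather than "privided".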