[crypto] Allow wildcard matches on commonName as well as subjectAltName
Signed-off-by: Michael Brown <mcb30@ipxe.org>
parent
f10726c8bb
commit
93acb5d8d0
@ -1410,13 +1410,9 @@ static int x509_check_dnsname ( struct x509_certificate *cert,
|
|||||||
( memcmp ( name, dnsname, len ) == 0 ) ) )
|
( memcmp ( name, dnsname, len ) == 0 ) ) )
|
||||||
return -ENOENT;
|
return -ENOENT;
|
||||||
|
|
||||||
if ( name == fullname ) {
|
if ( name != fullname ) {
|
||||||
DBGC2 ( cert, "X509 %p \"%s\" subjectAltName matches \"%s\"\n",
|
DBGC2 ( cert, "X509 %p \"%s\" found wildcard match for "
|
||||||
cert, x509_name ( cert ), name );
|
"\"*.%s\"\n", cert, x509_name ( cert ), name );
|
||||||
} else {
|
|
||||||
DBGC2 ( cert, "X509 %p \"%s\" subjectAltName matches \"%s\" "
|
|
||||||
"(via \"*.%s\")\n", cert, x509_name ( cert ),
|
|
||||||
fullname, name );
|
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1465,8 +1461,7 @@ int x509_check_name ( struct x509_certificate *cert, const char *name ) {
|
|||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
/* Check commonName */
|
/* Check commonName */
|
||||||
if ( ( strlen ( name ) == common_name->len ) &&
|
if ( x509_check_dnsname ( cert, common_name, name ) == 0 ) {
|
||||||
( memcmp ( name, common_name->data, common_name->len ) == 0 ) ) {
|
|
||||||
DBGC2 ( cert, "X509 %p \"%s\" commonName matches \"%s\"\n",
|
DBGC2 ( cert, "X509 %p \"%s\" commonName matches \"%s\"\n",
|
||||||
cert, x509_name ( cert ), name );
|
cert, x509_name ( cert ), name );
|
||||||
return 0;
|
return 0;
|
||||||
@ -1477,8 +1472,11 @@ int x509_check_name ( struct x509_certificate *cert, const char *name ) {
|
|||||||
sizeof ( alt_name ) );
|
sizeof ( alt_name ) );
|
||||||
for ( ; alt_name.len ; asn1_skip_any ( &alt_name ) ) {
|
for ( ; alt_name.len ; asn1_skip_any ( &alt_name ) ) {
|
||||||
if ( ( rc = x509_check_alt_name ( cert, &alt_name,
|
if ( ( rc = x509_check_alt_name ( cert, &alt_name,
|
||||||
name ) ) == 0 )
|
name ) ) == 0 ) {
|
||||||
|
DBGC2 ( cert, "X509 %p \"%s\" subjectAltName matches "
|
||||||
|
"\"%s\"\n", cert, x509_name ( cert ), name );
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
DBGC ( cert, "X509 %p \"%s\" does not match name \"%s\"\n",
|
DBGC ( cert, "X509 %p \"%s\" does not match name \"%s\"\n",
|
||||||
|
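Review bot: The commonName check in x509_check_name (second hunk) now goes through x509_check_dnsname and still runs before the subjectAltName loop (third hunk), so a wildcard commonName can satisfy the check even when the certificate carries subjectAltName entries that do not cover the requested name. RFC 6125 expects commonName to be consulted only when no dNSName subjectAltName is present; nothing in the visible lines makes that distinction, though a guard could exist outside the hunks. Consider walking `alt_name` first and falling back to commonName only when `alt_name.len` is zero, or at least recording the decision with `/* Check commonName (wildcards allowed); tried even if subjectAltName is present */`. The comparison in x509_check_dnsname is a case-sensitive `memcmp`, which the commonName path keeps, so a name differing only in letter case is rejected. x509_check_name's body starts and ends outside the hunks shown.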