XRootD
XrdTlsNotaryUtils.hh File Reference

Enumerations

enum  HostnameValidationResult {
  MatchFound ,
  MatchNotFound ,
  NoSANPresent ,
  MalformedCertificate ,
  Error
}
 

Functions

HostnameValidationResult validate_hostname (const char *hostname, const X509 *server_cert)
 

Enumeration Type Documentation

◆ HostnameValidationResult

Enumerator
MatchFound 
MatchNotFound 
NoSANPresent 
MalformedCertificate 
Error 

Definition at line 37 of file XrdTlsNotaryUtils.hh.

{
  MatchFound,
  MatchNotFound,
  NoSANPresent,
  MalformedCertificate,
  Error
}

Function Documentation

◆ validate_hostname()

HostnameValidationResult validate_hostname ( const char *  hostname,
const X509 *  server_cert 
)

Validates the server's identity by looking for the expected hostname in the server's certificate. As described in RFC 6125, it first tries to find a match in the Subject Alternative Name extension. If the extension is not present in the certificate, it checks the Common Name instead.

Returns MatchFound if a match was found. Returns MatchNotFound if no matches were found. Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. Returns Error if there was an error.

Definition at line 167 of file XrdTlsNotaryUtils.icc.

// Helpers declared static in the same file
static HostnameValidationResult matches_common_name(const char *hostname, const X509 *server_cert);
static HostnameValidationResult matches_subject_alternative_name(const char *hostname, const X509 *server_cert);

HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert) {
  HostnameValidationResult result;

  // Reject missing inputs before touching the certificate
  if ((hostname == NULL) || (server_cert == NULL))
    return Error;

  // First try the Subject Alternative Names extension
  result = matches_subject_alternative_name(hostname, server_cert);
  if (result == NoSANPresent) {
    // Extension was not found: try the Common Name
    result = matches_common_name(hostname, server_cert);
  }

  return result;
}

References Macaroons::Error, matches_common_name(), matches_subject_alternative_name(), and NoSANPresent.
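
An added example (not XRootD code) that models the decision order described for validate_hostname() on constructed name data, without OpenSSL: SAN entries take precedence, the Common Name is consulted only when no SAN exists, and a name with an embedded NUL yields MalformedCertificate. The cert_name and cert_names types, validate_names(), exact case-insensitive matching with no wildcard handling, and the MatchNotFound result for a certificate with neither SAN nor CN are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Result codes named as in the page's enum. */
typedef enum { MatchFound, MatchNotFound, NoSANPresent, MalformedCertificate, Error } HostnameValidationResult;
/* Hypothetical stand-in for an ASN.1 string: bytes plus declared length. */
typedef struct { const char *data; size_t len; } cert_name;
#define NAME(s) { s, sizeof(s) - 1 }
/* Hypothetical stand-in for the names carried by a certificate. */
typedef struct {
    const cert_name *san; size_t san_count; /* dNSName entries; 0 = no SAN extension */
    const cert_name *cn;                    /* Common Name, or NULL */
} cert_names;

static HostnameValidationResult check_name(const char *hostname, const cert_name *n) {
    /* A NUL inside the declared length would truncate any C-string compare. */
    if (memchr(n->data, '\0', n->len) != NULL) return MalformedCertificate;
    if (strlen(hostname) != n->len) return MatchNotFound;
    for (size_t i = 0; i < n->len; i++)
        if (tolower((unsigned char)hostname[i]) != tolower((unsigned char)n->data[i]))
            return MatchNotFound;
    return MatchFound;
}

static HostnameValidationResult match_san(const char *hostname, const cert_names *c) {
    if (c->san_count == 0) return NoSANPresent;
    for (size_t i = 0; i < c->san_count; i++) {
        HostnameValidationResult r = check_name(hostname, &c->san[i]);
        if (r != MatchNotFound) return r; /* stop on a match or a malformed entry */
    }
    return MatchNotFound;
}

/* Same control flow as validate_hostname(): CN is consulted only when no SAN exists. */
HostnameValidationResult validate_names(const char *hostname, const cert_names *c) {
    if (hostname == NULL || c == NULL) return Error;
    HostnameValidationResult result = match_san(hostname, c);
    if (result == NoSANPresent)
        result = c->cn ? check_name(hostname, c->cn) : MatchNotFound;
    return result;
}

/* Constructed sample certificates (not real data). */
const cert_name cn_good = NAME("data.example.org");
const cert_name san_other[] = { NAME("other.example.org") };
const cert_name san_nul[] = { NAME("data.example.org\0.other.invalid") };
const cert_names cert_san_mismatch = { san_other, 1, &cn_good }; /* CN matches, SAN does not */
const cert_names cert_cn_only = { NULL, 0, &cn_good };
const cert_names cert_nul = { san_nul, 1, &cn_good };
```

For cert_san_mismatch the matching Common Name is never consulted, because a SAN extension is present.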
