39 #include <openssl/x509v3.h>
40 #include <openssl/ssl.h>
47 #define HOSTNAME_MAX_SIZE 255
/* Fragment of the Common Name (CN) check: extracts the CN from the certificate
 * subject as a C string. This listing shows only selected lines; the bodies of
 * the branches below are not visible here. */
58 int common_name_loc = -1;
59 X509_NAME_ENTRY *common_name_entry = NULL;
60 ASN1_STRING *common_name_asn1 = NULL;
61 char *common_name_str = NULL;
/* lastpos = -1 starts the search at the beginning of the subject name, so this
 * yields the index of the first commonName entry; a negative value means the
 * subject has none. */
64 common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) server_cert), NID_commonName, -1);
65 if (common_name_loc < 0) {
/* Fetch the entry at that index, then the ASN1_STRING holding its value. Each
 * step is NULL-checked before the next one uses the result. */
70 common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *) server_cert), common_name_loc);
71 if (common_name_entry == NULL) {
76 common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
77 if (common_name_asn1 == NULL) {
/* OpenSSL 1.1.0 and later provide ASN1_STRING_get0_data(); older versions use
 * ASN1_STRING_data(). The #else/#endif lines are not part of this listing.
 * The cast drops the unsigned (and, for get0_data, const) qualifier of the
 * returned pointer; the raw bytes are used as-is.
 * NOTE(review): no check of the ASN.1 string type and no conversion such as
 * ASN1_STRING_to_UTF8() is visible in these lines - confirm how non-ASCII
 * encodings are meant to be handled. */
80 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
81 common_name_str = (
char *) ASN1_STRING_get0_data(common_name_asn1);
83 common_name_str = (
char *) ASN1_STRING_data(common_name_asn1);
/* Embedded-NUL guard: ASN1_STRING_length() counts every byte of the value,
 * while strlen() stops at the first NUL. A mismatch means the CN carries a NUL
 * inside it, and any later C-string comparison would only see the part before
 * that NUL. What the branch does on a mismatch is outside the lines shown.
 * NOTE(review): strlen() relies on the buffer being NUL-terminated; OpenSSL's
 * documentation advises against assuming that for ASN1_STRING data in general
 * - confirm this holds for decoded certificate fields. */
87 if ((
size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) {
/* Fragment of the Subject Alternative Name (SAN) check: decodes the
 * subjectAltName extension and walks its entries. This listing shows only
 * selected lines; branch bodies and the declaration of i are not visible. */
112 int san_names_nb = -1;
113 STACK_OF(GENERAL_NAME) *san_names = NULL;
/* Decode the subjectAltName extension into a stack of GENERAL_NAME values.
 * Both the crit and idx arguments are NULL, so a NULL return does not say
 * whether the extension is absent, failed to decode, or occurs more than once.
 * NOTE(review): if the caller treats NULL as "no SAN present" and falls back
 * to the Common Name, a malformed SAN would be handled like a missing one -
 * confirm against the code not shown here. */
116 san_names =
static_cast<GENERAL_NAMES *
>(
117 X509_get_ext_d2i((X509 *) server_cert,
118 NID_subject_alt_name, NULL, NULL));
119 if (san_names == NULL) {
122 san_names_nb = sk_GENERAL_NAME_num(san_names);
/* Visit every SAN entry; only entries of type GEN_DNS are examined in the
 * lines shown, so other types (for example IP address entries) are not
 * considered by this fragment. */
125 for (i=0; i<san_names_nb; i++) {
126 const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
128 if (current_name->type == GEN_DNS) {
/* Same version switch as for the Common Name: ASN1_STRING_get0_data() on
 * OpenSSL 1.1.0 and later, ASN1_STRING_data() otherwise (the #else/#endif
 * lines are not part of this listing). The cast discards the unsigned/const
 * qualifiers of the returned pointer. */
130 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
131 char *dns_name = (
char *) ASN1_STRING_get0_data(current_name->d.dNSName);
133 char *dns_name = (
char *) ASN1_STRING_data(current_name->d.dNSName);
/* Embedded-NUL guard: the ASN.1 length covers all bytes of the dNSName, while
 * strlen() stops at the first NUL, so a difference means the name contains a
 * NUL and a C-string comparison would see only a prefix of it. The handling of
 * a mismatch is outside the lines shown.
 * NOTE(review): strlen() assumes dns_name is NUL-terminated - confirm. */
137 if ((
size_t)ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) {
/* Release the decoded stack together with each GENERAL_NAME it owns. */
150 sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);
/* Argument guard: both the expected hostname and the server certificate must
 * be non-NULL (presumably at the top of validate_hostname - the enclosing
 * function is not shown in this listing). */
170 if((hostname == NULL) || (server_cert == NULL))
/* Signatures indexed by this listing; the bodies are not shown.
 * Curl_cert_hostcheck compares a hostname with a match pattern; the meaning of
 * its int result is not visible here - confirm against its definition. */
int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
/* Non-static entry point taking the expected hostname and the peer
 * certificate.
 * NOTE(review): OpenSSL 1.0.2 and later ship X509_check_host(), which performs
 * hostname matching inside the library; worth checking whether this
 * hand-written path is still needed for the OpenSSL versions supported. */
HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert)
/* File-local helpers for the Common Name and subjectAltName checks. */
static HostnameValidationResult matches_common_name(const char *hostname, const X509 *server_cert)
static HostnameValidationResult matches_subject_alternative_name(const char *hostname, const X509 *server_cert)