XRootD
#include <openssl/x509v3.h>
#include <openssl/ssl.h>
Macros
#define HOSTNAME_MAX_SIZE 255

Functions
static HostnameValidationResult matches_common_name (const char *hostname, const X509 *server_cert)
static HostnameValidationResult matches_subject_alternative_name (const char *hostname, const X509 *server_cert)
HostnameValidationResult validate_hostname (const char *hostname, const X509 *server_cert)

#define HOSTNAME_MAX_SIZE 255
Definition at line 47 of file XrdTlsNotaryUtils.icc.

static HostnameValidationResult matches_common_name (const char *hostname, const X509 *server_cert)
Tries to find a match for hostname in the certificate's Common Name field.
Returns MatchFound if a match was found. Returns MatchNotFound if no matches were found. Returns MalformedCertificate if the Common Name had a NUL character embedded in it. Returns Error if the Common Name could not be extracted.
Definition at line 57 of file XrdTlsNotaryUtils.icc.
References Curl_cert_hostcheck(), CURL_HOST_MATCH, Macaroons::Error, MalformedCertificate, MatchFound, and MatchNotFound.
Referenced by XrdTlsNotary::Validate(), and validate_hostname().
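
static HostnameValidationResult matches_subject_alternative_name (const char *hostname, const X509 *server_cert)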
Tries to find a match for hostname in the certificate's Subject Alternative Name extension.
Returns MatchFound if a match was found. Returns MatchNotFound if no matches were found. Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. Returns NoSANPresent if the SAN extension was not present in the certificate.
Definition at line 109 of file XrdTlsNotaryUtils.icc.
References Curl_cert_hostcheck(), CURL_HOST_MATCH, MalformedCertificate, MatchFound, MatchNotFound, and NoSANPresent.
Referenced by XrdTlsNotary::Validate(), and validate_hostname().

HostnameValidationResult validate_hostname (const char *hostname, const X509 *server_cert)
Validates the server's identity by looking for the expected hostname in the server's certificate. As described in RFC 6125, it first tries to find a match in the Subject Alternative Name extension. If the extension is not present in the certificate, it checks the Common Name instead.
Returns MatchFound if a match was found. Returns MatchNotFound if no matches were found. Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. Returns Error if there was an error.
Definition at line 167 of file XrdTlsNotaryUtils.icc.
References Macaroons::Error, matches_common_name(), matches_subject_alternative_name(), and NoSANPresent.
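
The decision order and the embedded-NUL check described for `validate_hostname()`, as an added example that is not XRootD's code and does not use OpenSSL. The types `name_t` and `cert_names_t`, the helpers `check_one`, `match_san` and `validate_names`, the `NAME` macro and the sample names are hypothetical, and an exact case-insensitive comparison stands in for `Curl_cert_hostcheck()`, so wildcards are not handled.

```c
#include <ctype.h>
#include <string.h>

/* Result names as on this page; their numeric values here are an assumption. */
typedef enum { MatchFound, MatchNotFound, NoSANPresent, MalformedCertificate, Error } HostnameValidationResult;

/* Hypothetical stand-ins for a length-counted ASN.1 name and a certificate's names. */
typedef struct { const char *data; size_t len; } name_t;
typedef struct { const name_t *san; size_t san_count; const name_t *cn; } cert_names_t;
#define NAME(s) { s, sizeof(s) - 1 }

/* Reject an embedded NUL, then compare exactly and case-insensitively. */
static HostnameValidationResult check_one(const char *host, const name_t *n)
{
    if (memchr(n->data, '\0', n->len) != NULL) return MalformedCertificate;
    if (strlen(host) != n->len) return MatchNotFound;
    for (size_t i = 0; i < n->len; i++)
        if (tolower((unsigned char)host[i]) != tolower((unsigned char)n->data[i]))
            return MatchNotFound;
    return MatchFound;
}

static HostnameValidationResult match_san(const char *host, const cert_names_t *c)
{
    if (c->san == NULL) return NoSANPresent;      /* no SAN extension at all */
    for (size_t i = 0; i < c->san_count; i++) {
        HostnameValidationResult r = check_one(host, &c->san[i]);
        if (r != MatchNotFound) return r;         /* match or malformed: stop */
    }
    return MatchNotFound;
}

/* SAN first; the Common Name is consulted only when no SAN extension exists. */
HostnameValidationResult validate_names(const char *host, const cert_names_t *c)
{
    if (host == NULL || c == NULL) return Error;
    HostnameValidationResult r = match_san(host, c);
    if (r != NoSANPresent) return r;
    return c->cn ? check_one(host, c->cn) : Error;
}

/* Constructed sample data: SAN without the CN's name, a NUL-bearing SAN, CN only. */
static const name_t san_ok[]  = { NAME("www.example.org"), NAME("alt.example.org") };
static const name_t san_nul[] = { NAME("xrd.example.org\0.other.example") };
static const name_t cn_name   = NAME("xrd.example.org");
static const cert_names_t with_san = { san_ok, 2, &cn_name };
static const cert_names_t cn_only  = { NULL, 0, &cn_name };
static const cert_names_t nul_san  = { san_nul, 1, &cn_name };
int main(void) { return validate_names("alt.example.org", &with_san) != MatchFound; }
```

With `with_san`, the name that appears only in the Common Name is rejected because a SAN extension is present, which is the case a CN-first implementation gets wrong.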