XRootD
XrdTlsHostcheck.icc File Reference
#include <cstring>
+ Include dependency graph for XrdTlsHostcheck.icc:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

int Curl_cert_hostcheck (const char *match_pattern, const char *hostname)
 
static int Curl_raw_equal (const char *first, const char *second)
 
static int Curl_raw_nequal (const char *first, const char *second, size_t max)
 
static char Curl_raw_toupper (char in)
 
static int hostmatch (const char *hostname, const char *pattern)
 

Function Documentation

◆ Curl_cert_hostcheck()

int Curl_cert_hostcheck ( const char *  match_pattern,
const char *  hostname 
)

Definition at line 205 of file XrdTlsHostcheck.icc.

206 {
207  if(!match_pattern || !*match_pattern ||
208  !hostname || !*hostname) /* sanity check */
209  return 0;
210 
211  if(Curl_raw_equal(hostname, match_pattern)) /* trivial case */
212  return 1;
213 
214  if(hostmatch(hostname,match_pattern) == CURL_HOST_MATCH)
215  return 1;
216  return 0;
217 }
#define CURL_HOST_MATCH
static int Curl_raw_equal(const char *first, const char *second)
static int hostmatch(const char *hostname, const char *pattern)

References CURL_HOST_MATCH, Curl_raw_equal(), and hostmatch().

Referenced by matches_common_name(), and matches_subject_alternative_name().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ Curl_raw_equal()

static int Curl_raw_equal ( const char *  first,
const char *  second 
)
static

Definition at line 123 of file XrdTlsHostcheck.icc.

124 {
125  while(*first && *second) {
126  if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second))
127  /* get out of the loop as soon as they don't match */
128  break;
129  first++;
130  second++;
131  }
132  /* we do the comparison here (possibly again), just to make sure that if the
133  loop above is skipped because one of the strings reached zero, we must not
134  return this as a successful match */
135  return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
136 }
static char Curl_raw_toupper(char in)

References Curl_raw_toupper().

Referenced by Curl_cert_hostcheck(), and hostmatch().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ Curl_raw_nequal()

static int Curl_raw_nequal ( const char *  first,
const char *  second,
size_t  max 
)
static

Definition at line 138 of file XrdTlsHostcheck.icc.

139 {
140  while(*first && *second && max) {
141  if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) {
142  break;
143  }
144  max--;
145  first++;
146  second++;
147  }
148  if(0 == max)
149  return 1; /* they are equal this far */
150 
151  return Curl_raw_toupper(*first) == Curl_raw_toupper(*second);
152 }

References Curl_raw_toupper().

Referenced by hostmatch().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ Curl_raw_toupper()

static char Curl_raw_toupper ( char  in)
static

Definition at line 54 of file XrdTlsHostcheck.icc.

55 {
56  switch (in) {
57  case 'a':
58  return 'A';
59  case 'b':
60  return 'B';
61  case 'c':
62  return 'C';
63  case 'd':
64  return 'D';
65  case 'e':
66  return 'E';
67  case 'f':
68  return 'F';
69  case 'g':
70  return 'G';
71  case 'h':
72  return 'H';
73  case 'i':
74  return 'I';
75  case 'j':
76  return 'J';
77  case 'k':
78  return 'K';
79  case 'l':
80  return 'L';
81  case 'm':
82  return 'M';
83  case 'n':
84  return 'N';
85  case 'o':
86  return 'O';
87  case 'p':
88  return 'P';
89  case 'q':
90  return 'Q';
91  case 'r':
92  return 'R';
93  case 's':
94  return 'S';
95  case 't':
96  return 'T';
97  case 'u':
98  return 'U';
99  case 'v':
100  return 'V';
101  case 'w':
102  return 'W';
103  case 'x':
104  return 'X';
105  case 'y':
106  return 'Y';
107  case 'z':
108  return 'Z';
109  }
110  return in;
111 }

Referenced by Curl_raw_equal(), and Curl_raw_nequal().

+ Here is the caller graph for this function:

◆ hostmatch()

static int hostmatch ( const char *  hostname,
const char *  pattern 
)
static

Definition at line 163 of file XrdTlsHostcheck.icc.

164 {
165  const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
166  int wildcard_enabled;
167  size_t prefixlen, suffixlen;
168  pattern_wildcard = strchr(pattern, '*');
169  if(pattern_wildcard == NULL)
170  return Curl_raw_equal(pattern, hostname) ?
172 
173  /* We require at least 2 dots in pattern to avoid too wide wildcard
174  match. */
175  wildcard_enabled = 1;
176  pattern_label_end = strchr(pattern, '.');
177  if(pattern_label_end == NULL || strchr(pattern_label_end+1, '.') == NULL ||
178  pattern_wildcard > pattern_label_end ||
179  Curl_raw_nequal(pattern, "xn--", 4)) {
180  wildcard_enabled = 0;
181  }
182  if(!wildcard_enabled)
183  return Curl_raw_equal(pattern, hostname) ?
185 
186  hostname_label_end = strchr(hostname, '.');
187  if(hostname_label_end == NULL ||
188  !Curl_raw_equal(pattern_label_end, hostname_label_end))
189  return CURL_HOST_NOMATCH;
190 
191  /* The wildcard must match at least one character, so the left-most
192  label of the hostname is at least as large as the left-most label
193  of the pattern. */
194  if(hostname_label_end - hostname < pattern_label_end - pattern)
195  return CURL_HOST_NOMATCH;
196 
197  prefixlen = pattern_wildcard - pattern;
198  suffixlen = pattern_label_end - (pattern_wildcard+1);
199  return Curl_raw_nequal(pattern, hostname, prefixlen) &&
200  Curl_raw_nequal(pattern_wildcard+1, hostname_label_end - suffixlen,
201  suffixlen) ?
203 }
#define CURL_HOST_NOMATCH
static int Curl_raw_nequal(const char *first, const char *second, size_t max)

References CURL_HOST_MATCH, CURL_HOST_NOMATCH, Curl_raw_equal(), and Curl_raw_nequal().

Referenced by Curl_cert_hostcheck().

+ Here is the call graph for this function:
+ Here is the caller graph for this function: