// Static class flag, initialised to true.
// NOTE(review): presumably this allows the certificate's common name to be
// used for host name matching; the code that reads the flag is not visible in
// this excerpt. CN-based matching is deprecated in favour of subjectAltName
// (RFC 6125, RFC 9525), so confirm that a default of true is intended.
37 bool XrdTlsNotary::cnOK =
true;
// dnsOK is true only when an address-info object was supplied.
// NOTE(review): presumably this gates the DNS comparison further down, which
// dereferences addrInfo; the gating condition is not visible in this excerpt.
60 bool dnsOK = (addrInfo != 0);
// Fetch the peer certificate from the TLS session. SSL_get_peer_certificate
// hands back a reference the caller owns.
// NOTE(review): no X509_free call is visible in this excerpt; confirm that
// every return after this point releases theCert.
65 X509 *theCert = SSL_get_peer_certificate(ssl);
// The null check has to come before the verify-result check below:
// SSL_get_verify_result also reports X509_V_OK when the peer presented no
// certificate at all.
66 if (!theCert)
return "certificate not present.";
// The chain verification result is consulted only when verChk is set.
// NOTE(review): verChk is defined outside this excerpt. When it is false the
// name checks that follow run against a certificate whose chain was not
// checked here, so a name match alone does not establish the peer's identity.
70 if (verChk && (SSL_get_verify_result(ssl) != X509_V_OK))
72 return "certificate has not been verified.";
// Failure reporting for a branch whose opening condition is not visible here.
// rc == MatchNotFound is reported as the host name being absent from the SAN
// extension; any other rc reaching this branch is reported as a malformed SAN
// extension. Both paths return a reason string rather than 0.
87 {
if (rc ==
MatchNotFound)
return "hostname not in SAN extension.";
88 return "malformed SAN extension.";
// Second failure branch; its opening condition is likewise not shown.
// rc == Error is reported as a malformed certificate, anything else as a
// malformed common name.
// NOTE(review): presumably rc here holds the common-name match result; confirm.
97 {
if (rc ==
Error)
return "malformed certificate.";
98 return "malformed common name.";
// DNS comparison: ask addrInfo for a name and accept the peer (return 0) when
// it equals hName.
// NOTE(review): the condition that opens this branch is not visible. A success
// here rests on what the resolver reported, not on a name bound into the
// certificate, so it is only as trustworthy as the DNS path; confirm when this
// branch is reachable and whether that suits the deployment.
105 {
const char *dnsErr = 0;
106 const char *dnsName = addrInfo->
Name(0, &dnsErr);
// NOTE(review): the guard that opens the next brace is not shown; strcmp needs
// a non-null dnsName, so presumably the guard tests it; confirm.
// strcmp is case-sensitive while DNS names compare case-insensitively, so a
// difference in letter case is reported as a mismatch.
108 {
if (!strcmp(hName, dnsName))
return 0;
109 return "DNS registered name does not match.";
// Otherwise prefer the error text Name() stored in dnsErr, when there is one.
111 if (dnsErr)
return dnsErr;
112 return "host not registered in DNS.";
// Last visible return; presumably reached when no earlier path returned.
117 return "required SAN extension missing.";
// Signature only, body not shown: compares hostname with the common name of
// server_cert (judging by the name; confirm) and returns a
// HostnameValidationResult.
static HostnameValidationResult matches_common_name(const char *hostname, const X509 *server_cert)
// Signature only, body not shown: compares hostname with the subjectAltName
// entries of server_cert (judging by the name; confirm) and returns a
// HostnameValidationResult.
static HostnameValidationResult matches_subject_alternative_name(const char *hostname, const X509 *server_cert)
// Signature only: the name lookup used by the DNS comparison. Both parameters
// default to 0; the caller in this excerpt passes 0 and the address of an
// error-text pointer.
const char * Name(const char *eName=0, const char **eText=0)
// Signature only: the validation entry point. In the excerpt the success path
// returns 0 and every failure path returns a reason string, so callers must
// treat any non-null result as a rejection. netInfo defaults to 0.
static const char * Validate(const SSL *ssl, const char *hName, XrdNetAddrInfo *netInfo=0)