authorlloyd <[email protected]>2012-04-18 00:32:56 +0000
committerlloyd <[email protected]>2012-04-18 00:32:56 +0000
commit0f0a9bf70a5aa13eb2597f3537f91f7aa1aaba18 (patch)
treead5e846ceabcf632a3495f6352181bca9b3ff3fe
parentbc3c4823036c306f03c010b9d4a8f2eef6424fbf (diff)
Add very basic wildcarding in X509_Certificate::matches_dns_name
-rw-r--r--src/cert/x509cert/x509cert.cpp20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp
index 7b57f6b1c..48a6d3a0b 100644
--- a/src/cert/x509cert/x509cert.cpp
+++ b/src/cert/x509cert/x509cert.cpp
@@ -291,9 +291,22 @@ bool cert_subject_dns_match(const std::string& name,
{
for(size_t i = 0; i != cert_names.size(); ++i)
{
- // support basic wildcarding?
- if(cert_names[i] == name)
+ const std::string cn = cert_names[i];
+
+ if(cn == name)
return true;
+
+ /*
+ * Possible wildcard match. We only support the most basic form of
+ * cert wildcarding ala RFC 2595
+ */
+ if(cn.size() > 2 && cn[0] == '*' && cn[1] == '.' && name.size() > cn.size())
+ {
+ const std::string base = cn.substr(1, std::string::npos);
+
+ if(name.compare(name.size() - base.size(), base.size(), base) == 0)
+ return true;
+ }
}
return false;
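Review bot: The wildcard branch only checks that `name` ends with `base`, so `*.example.com` also matches `a.b.example.com`, while RFC 2595 (cited in the new comment) and RFC 6125 restrict `*` to a single label; the same suffix-only test lets `*.com` match any second-level name. Limiting the matched part to one label is a two-line change: `const std::string prefix = name.substr(0, name.size() - base.size());` followed by `if(prefix.find('.') == std::string::npos && name.compare(name.size() - base.size(), base.size(), base) == 0)`. Both the exact and the wildcard comparison are case-sensitive although DNS names are not; that predates this commit but the new branch inherits it. `const std::string cn = cert_names[i];` copies every entry where `const std::string&` would do. The signature of cert_subject_dns_match is outside the hunk.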
@@ -303,6 +316,9 @@ bool cert_subject_dns_match(const std::string& name,
bool X509_Certificate::matches_dns_name(const std::string& name) const
{
+ if(name == "")
+ return false;
+
if(cert_subject_dns_match(name, subject_info("DNS")))
return true;