authorlloyd <[email protected]>2012-02-01 17:55:03 +0000
committerlloyd <[email protected]>2012-02-01 17:55:03 +0000
commit863a5420e3ad5efcfc7a175eed0d1a0b641c83c0 (patch)
treead82580eca85f784b2965ec61a1d1bb25fac1695 /src/cert/x509cert
parente2e9105071f2d0a1360603f06c2acf68865ff072 (diff)
Actually check CA signatures in Credentials_Manager. This area needs a
lot more work before this can be deployed.
Diffstat (limited to 'src/cert/x509cert')
-rw-r--r--src/cert/x509cert/x509cert.cpp28
-rw-r--r--src/cert/x509cert/x509cert.h6
2 files changed, 34 insertions, 0 deletions
diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp
index 88aeebd77..7b57f6b1c 100644
--- a/src/cert/x509cert/x509cert.cpp
+++ b/src/cert/x509cert/x509cert.cpp
@@ -284,6 +284,34 @@ X509_DN X509_Certificate::subject_dn() const
return create_dn(subject);
}
+namespace {
+
+bool cert_subject_dns_match(const std::string& name,
+ const std::vector<std::string>& cert_names)
+ {
+ for(size_t i = 0; i != cert_names.size(); ++i)
+ {
+ // support basic wildcarding?
+ if(cert_names[i] == name)
+ return true;
+ }
+
+ return false;
+ }
+
+}
+
+bool X509_Certificate::matches_dns_name(const std::string& name) const
+ {
+ if(cert_subject_dns_match(name, subject_info("DNS")))
+ return true;
+
+ if(cert_subject_dns_match(name, subject_info("Name")))
+ return true;
+
+ return false;
+ }
+
/*
* Compare two certificates for equality
*/
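Review bot: matches_dns_name falls back to subject_info("Name") (presumably the subject common name) whenever the "DNS" entries do not match, even when the certificate does carry DNS names. RFC 6125 has the verifier consult the common name only when no dNSName subjectAltName is present, so a certificate whose alternative names were deliberately limited can still be accepted for another host through its Name field. Assuming subject_info returns a std::vector<std::string>, as its use here suggests, I would fetch the list once and let it decide when it is non-empty: `const std::vector<std::string> dns = subject_info("DNS");`, `if(!dns.empty()) return cert_subject_dns_match(name, dns);`, then `return cert_subject_dns_match(name, subject_info("Name"));`. Separately, `cert_names[i] == name` is a byte-exact comparison while DNS names are case-insensitive, so a differently-cased name is rejected; that fails closed, but both sides should be case-normalised before comparing.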
diff --git a/src/cert/x509cert/x509cert.h b/src/cert/x509cert/x509cert.h
index cd49aa02f..26c57e524 100644
--- a/src/cert/x509cert/x509cert.h
+++ b/src/cert/x509cert/x509cert.h
@@ -146,6 +146,12 @@ class BOTAN_DLL X509_Certificate : public X509_Object
std::string to_string() const;
/**
+ * Check if a certain DNS name matches up with the information in
+ * the cert
+ */
+ bool matches_dns_name(const std::string& name) const;
+
+ /**
* Check to certificates for equality.
* @return true both certificates are (binary) equal
*/
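Review bot: The doc comment on matches_dns_name does not say what counts as a match, which a caller making a trust decision needs to know. Going by the x509cert.cpp hunk of this commit, the check is an exact string comparison against the "DNS" and "Name" subject info with no wildcard handling. I would state that in the comment and add `@param name the DNS name to check` and `@return true if name equals one of the certificate's DNS or Name entries`.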