author | lloyd <[email protected]> | 2012-04-18 00:32:56 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-04-18 00:32:56 +0000 |
commit | 0f0a9bf70a5aa13eb2597f3537f91f7aa1aaba18 (patch) | |
tree | ad5e846ceabcf632a3495f6352181bca9b3ff3fe /src/cert/x509cert | |
parent | bc3c4823036c306f03c010b9d4a8f2eef6424fbf (diff) |
Add very basic wildcarding in X509_Certificate::matches_dns_name
Diffstat (limited to 'src/cert/x509cert')
-rw-r--r-- | src/cert/x509cert/x509cert.cpp | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp
index 7b57f6b1c..48a6d3a0b 100644
--- a/src/cert/x509cert/x509cert.cpp
+++ b/src/cert/x509cert/x509cert.cpp
@@ -291,9 +291,22 @@ bool cert_subject_dns_match(const std::string& name,
 {
 for(size_t i = 0; i != cert_names.size(); ++i)
 {
- // support basic wildcarding?
- if(cert_names[i] == name)
+ const std::string cn = cert_names[i];
+
+ if(cn == name)
 return true;
+
+ /*
+ * Possible wildcard match. We only support the most basic form of
+ * cert wildcarding ala RFC 2595
+ */
+ if(cn.size() > 2 && cn[0] == '*' && cn[1] == '.' && name.size() > cn.size())
+ {
+ const std::string base = cn.substr(1, std::string::npos);
+
+ if(name.compare(name.size() - base.size(), base.size(), base) == 0)
+ return true;
+ }
 }
 return false;
@@ -303,6 +316,9 @@ bool cert_subject_dns_match(const std::string& name,
 bool X509_Certificate::matches_dns_name(const std::string& name) const
 {
+ if(name == "")
+ return false;
+
 if(cert_subject_dns_match(name, subject_info("DNS")))
 return true; |
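Review bot: The wildcard branch in cert_subject_dns_match accepts any name that ends in the pattern's suffix, so `*.example.com` also matches `a.b.example.com`, whereas RFC 2818 and RFC 6125 confine `*` to one left-most label. Requiring the first dot of `name` to sit where the suffix begins closes that gap: `if(name.find('.') == name.size() - base.size() && name.compare(name.size() - base.size(), base.size(), base) == 0)`. The length guard `name.size() > cn.size()` also rejects a one-character label such as `a.example.com`, which is the same length as `*.example.com` and is the example RFC 2595 itself gives; `name.size() >= cn.size()` would admit it. Both comparisons are case-sensitive although DNS names are not; whether callers normalise case is not visible here, and the function's signature and closing brace lie outside the hunk.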