diff options
author | lloyd <[email protected]> | 2012-09-06 19:11:47 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-09-06 19:11:47 +0000 |
commit | 3c72c80e15d93c03f87356fdcadc43b7be444701 (patch) | |
tree | fb6bc08c81ad860187af3b876a9f811f894a30af /src/credentials | |
parent | d7edd620da6a7576a90e6877fa0a8b3632864b9c (diff) |
Move the hostname check last as it's the least 'important' error.
Only check it if the cert is otherwise valid.
Diffstat (limited to 'src/credentials')
-rw-r--r-- | src/credentials/credentials_manager.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp index a1f2c90df..95a54d1ae 100644 --- a/src/credentials/credentials_manager.cpp +++ b/src/credentials/credentials_manager.cpp @@ -101,9 +101,6 @@ void Credentials_Manager::verify_certificate_chain( if(cert_chain.empty()) throw std::invalid_argument("Certificate chain was empty"); - if(purported_hostname != "" && !cert_chain[0].matches_dns_name(purported_hostname)) - throw std::runtime_error("Certificate did not match hostname"); - auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname); Certificate_Store_In_Memory CAs; @@ -120,6 +117,9 @@ void Credentials_Manager::verify_certificate_chain( if(!CAs.certificate_known(result.trust_root())) throw std::runtime_error("Certificate chain roots in unknown/untrusted CA"); + + if(purported_hostname != "" && !cert_chain[0].matches_dns_name(purported_hostname)) + throw std::runtime_error("Certificate did not match hostname"); } } |