author | René Korthaus <[email protected]> | 2017-04-20 09:54:19 +0200 |
---|---|---|
committer | René Korthaus <[email protected]> | 2017-04-20 17:12:23 +0200 |
commit | 289cc25709b081cd112d47db66c4f2fbf4609583 (patch) | |
tree | fbb5cfad1fc6c94cad08ebc8bafd724a953425af /src/tests/test_utils.cpp | |
parent | 8ee030e6d4f3b7b449aab3c1cca1a3837a5143e5 (diff) |
Complete wildcard handling for X.509 certificates
Hostname validation is used to make sure the certificate
hostname matches the hostname of the connected host.
RFC 6125 allows one wildcard in the left-most label of
a hostname. Up to now, we supported only the wildcard
as the left-most label, e.g., www.example.com would
match *.example.com, but www.example.com would not
match www*.example.com, although it is permitted.
Also adds test vectors from RFC 6125 as well as the
OpenSSL test suite.
Diffstat (limited to 'src/tests/test_utils.cpp')
-rw-r--r-- | src/tests/test_utils.cpp | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp
index a2601722d..8c1d353b4 100644
--- a/src/tests/test_utils.cpp
+++ b/src/tests/test_utils.cpp
@@ -1,6 +1,7 @@
 /*
 * (C) 2015 Jack Lloyd
 * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
+* (C) 2017 René Korthaus, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -12,6 +13,7 @@
 #include <botan/calendar.h>
 #include <botan/internal/rounding.h>
 #include <botan/charset.h>
+#include <botan/parsing.h>
 #if defined(BOTAN_HAS_BASE64_CODEC)
 #include <botan/base64.h>
@@ -454,6 +456,32 @@ class Charset_Tests : public Text_Based_Test
 BOTAN_REGISTER_TEST("charset", Charset_Tests);
+class Hostname_Tests : public Text_Based_Test
+ {
+ public:
+ Hostname_Tests() : Text_Based_Test("hostnames.vec", "Issued,Hostname")
+ {}
+
+ Test::Result run_one_test(const std::string& type, const VarMap& vars) override
+ {
+ using namespace Botan;
+
+ Test::Result result("Hostname");
+
+ const std::string issued = get_req_str(vars, "Issued");
+ const std::string hostname = get_req_str(vars, "Hostname");
+ const bool expected = (type == "Invalid") ? false : true;
+
+ const std::string what = hostname + ((expected == true) ?
+ " matches " : " does not match ") + issued;
+ result.test_eq(what, Botan::host_wildcard_match(issued, hostname), expected);
+
+ return result;
+ }
+ };
+
+BOTAN_REGISTER_TEST("hostname", Hostname_Tests);
+
 }
 } |
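Review bot: In `run_one_test` of the new `Hostname_Tests` class, `expected` is true for every section header except the exact string `Invalid`, so a misspelled or differently cased header in `hostnames.vec` is read as a must-match group without any complaint. Because these vectors guard certificate hostname validation, the test should accept only the headers the vector file is meant to use and fail on anything else. The expression itself reduces to `const bool expected = (type != "Invalid");`, the later `(expected == true)` to plain `expected`, and `using namespace Botan;` is redundant while the call is spelled `Botan::host_wildcard_match`. A short class comment would also help, saying that `Issued` is, as the names suggest, the certificate-side name that may carry the wildcard and `Hostname` is the name being checked, which makes the argument order in `host_wildcard_match(issued, hostname)` easier to audit.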