diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/ffi/ffi.h | 6 | ||||
-rw-r--r-- | src/lib/ffi/ffi_cert.cpp | 9 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index 296d64ef2..20611fde9 100644 --- a/src/lib/ffi/ffi.h +++ b/src/lib/ffi/ffi.h @@ -1202,6 +1202,12 @@ enum botan_x509_cert_key_constraints { BOTAN_PUBLIC_API(2,0) int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int key_usage); /** +* Check if the certificate matches the specified hostname via alternative name or CN match. +* RFC 5280 wildcards also supported. +*/ +BOTAN_PUBLIC_API(2,5) int botan_x509_cert_hostname_match(botan_x509_cert_t cert, const char* hostname); + +/** * Key wrapping as per RFC 3394 */ BOTAN_PUBLIC_API(2,2) diff --git a/src/lib/ffi/ffi_cert.cpp b/src/lib/ffi/ffi_cert.cpp index 6031d02aa..3c5f17277 100644 --- a/src/lib/ffi/ffi_cert.cpp +++ b/src/lib/ffi/ffi_cert.cpp @@ -133,4 +133,13 @@ int botan_x509_cert_get_public_key_bits(botan_x509_cert_t cert, uint8_t out[], s return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.subject_public_key_bits()); }); } +int botan_x509_cert_hostname_match(botan_x509_cert_t cert, const char* hostname) + { + if(hostname == nullptr) + return BOTAN_FFI_ERROR_NULL_POINTER; + + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, + { return c.matches_dns_name(hostname) ? 0 : -1; }); + } + } |