mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-05-22 21:32:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Handle wildcard certificates in redbean

Browse source
This commit is contained in:
Justine Tunney 2022-06-10 21:51:46 -07:00
parent c6d8e516b2
commit 5deda43766
2 changed files with 26 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

22
net/https/certhashost.c
View file

@ -23,9 +23,25 @@ bool CertHasHost(const mbedtls_x509_crt *cert, const void *s, size_t n) {
const mbedtls_x509_sequence *cur;
for (cur = &cert->subject_alt_names; cur; cur = cur->next) {
if ((cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) ==
MBEDTLS_X509_SAN_DNS_NAME &&
SlicesEqualCase(s, n, cur->buf.p, cur->buf.len)) {
return true;
MBEDTLS_X509_SAN_DNS_NAME) {
if (cur->buf.len > 2 && cur->buf.p[0] == '*' && cur->buf.p[1] == '.') {
// handle subject alt name like *.foo.com (matching foo.com)
if (SlicesEqualCase(s, n, cur->buf.p + 2, cur->buf.len - 2)) {
return true;
}
// handle subject alt name like *.foo.com (matching bar.foo.com)
if (n > cur->buf.len - 1 &&
SlicesEqualCase((char *)s + n - (cur->buf.len - 1),
cur->buf.len - 1, cur->buf.p + 1,
cur->buf.len - 1)) {
return true;
}
} else {
// handle subject alt name like foo.com
if (SlicesEqualCase(s, n, cur->buf.p, cur->buf.len)) {
return true;
}
}
}
}
return false;