Improve redbean wildcard certificate support

Justine Tunney 2022-06-11 19:25:03 -07:00
parent 29af890efa
commit a5849f8549


@ -25,15 +25,18 @@ bool CertHasHost(const mbedtls_x509_crt *cert, const void *s, size_t n) {
if ((cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) == if ((cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) ==
MBEDTLS_X509_SAN_DNS_NAME) { MBEDTLS_X509_SAN_DNS_NAME) {
if (cur->buf.len > 2 && cur->buf.p[0] == '*' && cur->buf.p[1] == '.') { if (cur->buf.len > 2 && cur->buf.p[0] == '*' && cur->buf.p[1] == '.') {
// handle subject alt name like *.foo.com (matching foo.com) // handle subject alt name like *.foo.com
if (SlicesEqualCase(s, n, cur->buf.p + 2, cur->buf.len - 2)) { // - match examples
return true; // - bar.foo.com
} // - zoo.foo.com
// handle subject alt name like *.foo.com (matching bar.foo.com) // - does not match
// - foo.com
// - zoo.bar.foo.com
if (n > cur->buf.len - 1 && if (n > cur->buf.len - 1 &&
SlicesEqualCase((char *)s + n - (cur->buf.len - 1), SlicesEqualCase((char *)s + n - (cur->buf.len - 1),
cur->buf.len - 1, cur->buf.p + 1, cur->buf.len - 1, cur->buf.p + 1,
cur->buf.len - 1)) { cur->buf.len - 1) &&
!memchr(s, '.', n - (cur->buf.len - 1))) {
return true; return true;
} }
} else { } else {
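Review bot: The wildcard branch of CertHasHost still accepts a SAN whose suffix is a single label, because the only guard on the entry is `cur->buf.len > 2`; a SAN such as `*.com` would match any one-label host under it. Whether that matters depends on how callers use the result, which this hunk does not show. If it feeds a trust decision, the condition could also require a dot inside the suffix, e.g. `memchr(cur->buf.p + 2, '.', cur->buf.len - 2) &&`. Separately, the cast in the suffix compare could be `(const char *)s` so the const qualifier of `s` is kept. The enclosing loop and the rest of the function lie outside the hunk.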