|
Lines 725-730
static int HTLoadHTTP(const char *arg,
|
| 725 |
/* strip port number */ |
725 |
/* strip port number */ |
| 726 |
if ((p = strchr(ssl_host, ':')) != NULL) |
726 |
if ((p = strchr(ssl_host, ':')) != NULL) |
| 727 |
*p = '\0'; |
727 |
*p = '\0'; |
|
|
728 |
|
| 729 |
/* Quick and dirty SubjectAltName patch -johans 20070131*/ |
| 730 |
{ |
| 731 |
X509 *cert = SSL_get_peer_certificate(handle); |
| 732 |
int opt = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); |
| 733 |
if (opt >= 0) |
| 734 |
{ |
| 735 |
X509_EXTENSION *ext = X509_get_ext(cert, i); |
| 736 |
STACK_OF(GENERAL_NAME) *alt = X509V3_EXT_d2i(ext); |
| 737 |
if (alt) |
| 738 |
{ |
| 739 |
int i, n = sk_GENERAL_NAME_num(alt); |
| 740 |
GENERAL_NAME *gn; |
| 741 |
for (i = 0; i < n; i++) |
| 742 |
{ |
| 743 |
gn = sk_GENERAL_NAME_value(alt, i); |
| 744 |
if (gn->type == GEN_DNS) |
| 745 |
{ |
| 746 |
char *sn = ASN1_STRING_data(gn->d.ia5); |
| 747 |
if (!strcasecmp_asterisk(ssl_host, sn)) |
| 748 |
status_sslcertcheck = 2; |
| 749 |
} |
| 750 |
|
| 751 |
} |
| 752 |
} |
| 753 |
|
| 754 |
} |
| 755 |
} |
| 756 |
if (!status_sslcertcheck) |
| 757 |
|
| 728 |
/* validate all CNs found in DN */ |
758 |
/* validate all CNs found in DN */ |
| 729 |
while ((cert_host = strstr(ssl_dn_start, "/CN=")) != NULL) { |
759 |
while ((cert_host = strstr(ssl_dn_start, "/CN=")) != NULL) { |
| 730 |
status_sslcertcheck = 1; /* 1 = could not verify CN */ |
760 |
status_sslcertcheck = 1; /* 1 = could not verify CN */ |
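Review bot: The dNSName comparison at new lines 746-747 passes `ASN1_STRING_data(gn->d.ia5)` to `strcasecmp_asterisk` as a C string without checking `ASN1_STRING_length`, so a name with an embedded NUL is compared only up to that byte and a certificate issued for a different domain can be accepted for `ssl_host`. At line 735, `X509_get_ext(cert, i)` uses `i`, which this block does not declare until line 739; the index returned at line 732 is `opt`. `cert` is never checked for NULL, and neither it nor the decoded `alt` stack is freed. When dNSName entries exist but none matches, `status_sslcertcheck` is left unchanged and the `if (!status_sslcertcheck)` at line 756 still runs the CN loop, whereas RFC 2818 requires the dNSName entries to be used as the identity when present. HTLoadHTTP starts and ends outside this hunk, so the initial value of `status_sslcertcheck` and how 1 and 2 are handled afterwards are assumptions in the sketch below.

```c
    /* Check subjectAltName dNSName entries before falling back to CN */
    {
	X509 *cert = SSL_get_peer_certificate(handle);
	GENERAL_NAMES *alt = NULL;
	int saw_dns = 0;

	if (cert != NULL)
	    alt = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
	if (alt != NULL) {
	    int i, n = sk_GENERAL_NAME_num(alt);

	    for (i = 0; i < n; i++) {
		GENERAL_NAME *gn = sk_GENERAL_NAME_value(alt, i);
		char *sn;

		if (gn->type != GEN_DNS)
		    continue;
		saw_dns = 1;
		sn = (char *) ASN1_STRING_data(gn->d.ia5);
		/* skip names with an embedded NUL instead of truncating them */
		if (sn == NULL ||
		    strlen(sn) != (size_t) ASN1_STRING_length(gn->d.ia5))
		    continue;
		if (!strcasecmp_asterisk(ssl_host, sn))
		    status_sslcertcheck = 2;
	    }
	    GENERAL_NAMES_free(alt);
	}
	/* dNSName present but no match: do not fall back to CN.
	 * Assumes the code after the CN loop treats 1 as a failed check. */
	if (saw_dns && status_sslcertcheck != 2)
	    status_sslcertcheck = 1;
	X509_free(cert);
    }
    /* … unchanged: if (!status_sslcertcheck) and the CN loop … */
```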