Attachment 75194 Details for Bug 108661 – file.diff

[patch] file.diff

file.diff (text/plain), 1.09 KB, created by Johan van Selst on 2007-02-01 14:40:25 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Johan van Selst

Created: 2007-02-01 14:40:25 UTC

Size: 1.09 KB

patch

obsolete

>--- WWW/Library/Implementation/HTTP.c.orig	Wed Jan 31 17:20:44 2007
>+++ WWW/Library/Implementation/HTTP.c	Wed Jan 31 17:20:39 2007
>@@ -725,6 +725,36 @@ static int HTLoadHTTP(const char *arg,
> 	/* strip port number */
> 	if ((p = strchr(ssl_host, ':')) != NULL)
> 	    *p = '\0';
>+
>+	/* Quick and dirty SubjectAltName patch -johans 20070131*/
>+	{
>+	X509 *cert = SSL_get_peer_certificate(handle);
>+	int opt = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
>+	if (opt >= 0)
>+	{
>+		X509_EXTENSION *ext = X509_get_ext(cert, i);
>+		STACK_OF(GENERAL_NAME) *alt = X509V3_EXT_d2i(ext);
>+		if (alt)
>+		{
>+			int i, n = sk_GENERAL_NAME_num(alt);
>+			GENERAL_NAME *gn;
>+			for (i = 0; i < n; i++)
>+			{
>+				gn = sk_GENERAL_NAME_value(alt, i);
>+				if (gn->type == GEN_DNS)
>+				{
>+					char *sn = ASN1_STRING_data(gn->d.ia5);
>+					if (!strcasecmp_asterisk(ssl_host, sn))
>+						status_sslcertcheck = 2;
>+				}
>+
>+			}
>+		}
>+
>+	}
>+	}
>+	if (!status_sslcertcheck)
>+
> 	/* validate all CNs found in DN */
> 	while ((cert_host = strstr(ssl_dn_start, "/CN=")) != NULL) {
> 	    status_sslcertcheck = 1;	/* 1 = could not verify CN */

Actions: View | Diff

Attachments on bug 108661: 75194 | 75195