nghttpx: Remove trailing "." from SAN DNS name and CN
parent
00bf701600
commit
9b81eec944
|
@ -984,11 +984,21 @@ int verify_hostname(X509 *cert, const StringRef &hostname,
|
||||||
}
|
}
|
||||||
|
|
||||||
auto len = ASN1_STRING_length(altname->d.ia5);
|
auto len = ASN1_STRING_length(altname->d.ia5);
|
||||||
|
if (len == 0) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
if (std::find(name, name + len, '\0') != name + len) {
|
if (std::find(name, name + len, '\0') != name + len) {
|
||||||
// Embedded NULL is not permitted.
|
// Embedded NULL is not permitted.
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (name[len - 1] == '.') {
|
||||||
|
--len;
|
||||||
|
if (len == 0) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (tls_hostname_match(StringRef{name, static_cast<size_t>(len)},
|
if (tls_hostname_match(StringRef{name, static_cast<size_t>(len)},
|
||||||
hostname)) {
|
hostname)) {
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -1140,7 +1150,7 @@ void CertLookupTree::add_cert(SSL_CTX *ssl_ctx, const StringRef &hostname) {
|
||||||
if (hostname.empty()) {
|
if (hostname.empty()) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// Copy hostname including terminal NULL
|
// Copy hostname
|
||||||
auto host_copy = make_unique<char[]>(hostname.size() + 1);
|
auto host_copy = make_unique<char[]>(hostname.size() + 1);
|
||||||
std::copy(std::begin(hostname), std::end(hostname), host_copy.get());
|
std::copy(std::begin(hostname), std::end(hostname), host_copy.get());
|
||||||
host_copy[hostname.size()] = '\0';
|
host_copy[hostname.size()] = '\0';
|
||||||
|
@ -1234,11 +1244,21 @@ int cert_lookup_tree_add_cert_from_file(CertLookupTree *lt, SSL_CTX *ssl_ctx,
|
||||||
}
|
}
|
||||||
|
|
||||||
auto len = ASN1_STRING_length(altname->d.ia5);
|
auto len = ASN1_STRING_length(altname->d.ia5);
|
||||||
|
if (len == 0) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
if (std::find(name, name + len, '\0') != name + len) {
|
if (std::find(name, name + len, '\0') != name + len) {
|
||||||
// Embedded NULL is not permitted.
|
// Embedded NULL is not permitted.
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (name[len - 1] == '.') {
|
||||||
|
--len;
|
||||||
|
if (len == 0) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
lt->add_cert(ssl_ctx, StringRef{name, static_cast<size_t>(len)});
|
lt->add_cert(ssl_ctx, StringRef{name, static_cast<size_t>(len)});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1248,6 +1268,16 @@ int cert_lookup_tree_add_cert_from_file(CertLookupTree *lt, SSL_CTX *ssl_ctx,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (cn[cn.size() - 1] == '.') {
|
||||||
|
if (cn.size() == 1) {
|
||||||
|
OPENSSL_free(const_cast<char *>(cn.c_str()));
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
cn = StringRef{cn.c_str(), cn.size() - 1};
|
||||||
|
}
|
||||||
|
|
||||||
lt->add_cert(ssl_ctx, cn);
|
lt->add_cert(ssl_ctx, cn);
|
||||||
|
|
||||||
OPENSSL_free(const_cast<char *>(cn.c_str()));
|
OPENSSL_free(const_cast<char *>(cn.c_str()));
|
||||||
|
|
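Review bot: The trailing-dot stripping is hand-copied into three places (the SAN loops of verify_hostname and cert_lookup_tree_add_cert_from_file, and the CN branch in the last hunk), and in the visible lines only the certificate side is normalized: `hostname` still reaches tls_hostname_match exactly as passed in. Unless it is normalized before the hunk begins, a caller supplying an absolute name such as `example.com.` no longer matches a certificate whose SAN carries the same dot, so the reference name should be stripped the same way or the requirement documented on verify_hostname. A shared helper would keep the verification path and the lookup-tree path from drifting apart, and it folds both `len == 0` checks into one empty test. The enclosing loops and the CN guard before `cn[cn.size() - 1]` start outside these hunks, so the sketch shows only the helper and the verify_hostname call site.

```cpp
// Proposed helper: drops a single trailing '.', so that "example.com."
// and "example.com" compare equal.  The result may be empty.
StringRef remove_trailing_dot(const StringRef &name) {
  if (!name.empty() && name[name.size() - 1] == '.') {
    return StringRef{name.c_str(), name.size() - 1};
  }
  return name;
}

// … unchanged: ASN1_STRING_length call and embedded NUL check …
auto dnsname = remove_trailing_dot(StringRef{name, static_cast<size_t>(len)});
if (dnsname.empty()) {
  continue;
}
if (tls_hostname_match(dnsname, hostname)) {
```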