Also check wildcards prefixed by "CN=" in the subject name of the certificate

Signed-off-by: DL6ER <dl6er@dl6er.de>
DL6ER 2023-11-27 14:25:25 +01:00
parent b017c1c20c
commit 1d03a5356d
GPG Key ID: 00135ACBD90B28DD
1 changed files with 12 additions and 5 deletions


@ -405,17 +405,24 @@ next_san:
// Also check against the common name (CN) field
char subject[MBEDTLS_X509_MAX_DN_NAME_SIZE];
if(mbedtls_x509_dn_gets(subject, sizeof(subject), &crt.subject) > 0)
const size_t subject_len = mbedtls_x509_dn_gets(subject, sizeof(subject), &crt.subject);
if(subject_len > 0)
{
// Check subject == "CN=<domain>"
if(strlen(subject) > 3 && strncasecmp(subject, "CN=", 3) == 0 && strcasecmp(domain, subject + 3) == 0)
found = true;
if(subject_len > 3 && strncasecmp(subject, "CN=", 3) == 0)
{
// Check subject + 3 == "CN=" to skip the "CN=" prefix
if(strncasecmp(domain, subject + 3, subject_len) == 0)
found = true;
// Also check if the subject is a wildcard domain
else if(check_wildcard_domain(domain, subject + 3, subject_len - 3))
found = true;
}
// Check subject == "<domain>"
else if(strcasecmp(domain, subject) == 0)
found = true;
// Also check if the subject is a wildcard domain and if the domain
// matches the wildcard
else if(check_wildcard_domain(domain, subject, strlen(subject)))
else if(check_wildcard_domain(domain, subject, subject_len))
found = true;
}