In Files

  • openssl/lib/openssl/ssl-internal.rb
  • openssl/ossl.c

OpenSSL::SSL

let rdoc know about mOSSL

Public Class Methods

verify_certificate_identity(cert, hostname) click to toggle source
 
               # File openssl/lib/openssl/ssl-internal.rb, line 128
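# Decides whether +hostname+ is one of the identities presented by +cert+.
#
# Every subjectAltName extension is decoded from DER and its GeneralName
# entries are compared with +hostname+:
#
# * dNSName (tag 2) entries are matched as anchored patterns in which each
#   "*" stands for one or more characters other than ".".
# * iPAddress (tag 7) entries are rendered as text and compared for string
#   equality.
#
# The subject CN is consulted only when no dNSName or iPAddress entry was
# seen at all, so a certificate that carries such entries cannot also be
# accepted through its CN.
#
# Caveats for callers:
#
# * This checks the name only. Chain validation, expiry and revocation are
#   not performed here.
# * "*" is honoured wherever it occurs in a presented name, not only as the
#   whole left-most label, so a name such as "*.com" or "w*.example.com" is
#   accepted as a pattern. Callers needing a stricter wildcard policy must
#   enforce it themselves.
# * Matching is case-sensitive, and IPv6 addresses only match when
#   +hostname+ is written as eight uppercase hex groups without
#   zero-padding or "::" compression.
#
# cert::     object responding to +extensions+ and +subject+
#            (an OpenSSL::X509::Certificate).
# hostname:: the name the caller intended to reach, as a String.
#
# Returns true on the first match, false otherwise.
def verify_certificate_identity(cert, hostname)
  # Turns a presented name into an anchored pattern. Regexp.escape renders
  # "*" as backslash-star, so the substitution has to look for exactly that
  # pair; /\\*/ ("zero or more backslashes") matches at every position and
  # corrupts the pattern. \A and \z anchor the whole string, so a hostname
  # with trailing bytes (a newline or NUL suffix, say) is not accepted.
  name_matches = lambda do |presented|
    pattern = Regexp.escape(presented).gsub(/\\\*/, "[^.]+")
    /\A#{pattern}\z/ =~ hostname
  end

  should_verify_common_name = true
  cert.extensions.each do |ext|
    next unless ext.oid == "subjectAltName"
    # The last element of the decoded Extension is the extnValue OCTET
    # STRING; its payload is the DER encoding of the GeneralNames sequence.
    ostr = OpenSSL::ASN1.decode(ext.to_der).value.last
    sequence = OpenSSL::ASN1.decode(ostr.value)
    sequence.value.each do |san|
      case san.tag
      when 2 # dNSName in GeneralName (RFC5280)
        should_verify_common_name = false
        return true if name_matches.call(san.value)
      when 7 # iPAddress in GeneralName (RFC5280)
        should_verify_common_name = false
        # follows GENERAL_NAME_print() in x509v3/v3_alt.c
        if san.value.size == 4
          # IPv4: four octets rendered as dotted decimal.
          return true if san.value.unpack('C*').join('.') == hostname
        elsif san.value.size == 16
          # IPv6: eight big-endian 16-bit groups rendered as uppercase hex.
          return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
        end
      end
    end
  end

  if should_verify_common_name
    cert.subject.to_a.each do |oid, value|
      return true if oid == "CN" && name_matches.call(value)
    end
  end
  false
end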