pike.git / lib / modules / SSL.pmod / Connection.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Connection.pike:258:       // next we must verify the chain to see if the chain is unbroken       mapping result =    Standards.X509.verify_certificate_chain(certs,    context->trusted_issuers_cache,    context->require_trust);       if(result->verified)    { +  if (session->server_name) { +  array(Standards.X509.TBSCertificate) certs = +  [array(Standards.X509.TBSCertificate)](result->certificates); +  Standards.X509.TBSCertificate cert = certs[-1]; +  array(string) globs = Standards.PKCS.Certificate. +  decode_distinguished_name(cert->subject)->commonNmae - ({ 0 }); +  if (cert->ext_subjectAltName_dNSName) { +  globs += cert->ext_subjectAltName_dNSName; +  } +  result->server_name_verified = 0; +  foreach(globs, string g) { +  if (glob(g, session->server_name)) { +  result->server_name_verified = 1; +  break; +  } +  } +  }    // This data isn't actually used internally.    session->cert_data = result;    return 1;    }       return 0;   }      //! Do handshake processing. Type is one of HANDSHAKE_*, data is the   //! contents of the packet, and raw is the raw packet received (needed