pike.git/lib/modules/SSL.pmod/Connection.pike:306:
// Decode the chain, verify each certificate and verify that the // chain is unbroken. mapping result = ([]); catch { result = Standards.X509.verify_certificate_chain(certs, context->trusted_issuers_cache, context->require_trust); };
+
if (session->server_name && sizeof(result->certificates || ({}))) {
+
array(Standards.X509.TBSCertificate) certs =
+
[array(Standards.X509.TBSCertificate)](result->certificates);
+
Standards.X509.TBSCertificate cert = certs[-1];
+
array(string) globs = Standards.PKCS.Certificate.
+
decode_distinguished_name(cert->subject)->commonNmae - ({ 0 });
+
if (cert->ext_subjectAltName_dNSName) {
+
globs += cert->ext_subjectAltName_dNSName;
+
}
+
result->server_name_verified = 0;
+
foreach(globs, string g) {
+
if (glob(g, session->server_name)) {
+
result->server_name_verified = 1;
+
break;
+
}
+
}
+
}
+
// This data isn't actually used internally. session->cert_data = result; if(result->verified) return [array(Standards.X509.TBSCertificate)]result->certificates; return 0; } // Decodes certificate data. Leaves session->peer_certificate_chain
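Review bot: The subject lookup on the new side indexes `->commonNmae`, which looks like a misspelling of `commonName`; if so, the lookup yields only zeroes, `- ({ 0 })` strips them, and the common name never reaches `globs`, so only `ext_subjectAltName_dNSName` entries are compared. The line should read `decode_distinguished_name(cert->subject)->commonName - ({ 0 });`. The comparison also passes certificate-supplied names to `glob()` as patterns, and as far as I can tell `*` there is not confined to the left-most DNS label and the match is case-sensitive, so a name such as `*.example.com` would presumably also cover deeper subdomains while a differently cased host name would be rejected; a label-aware, case-insensitive comparison would be stricter. `server_name_verified` is only stored in `result`, and the unchanged return below still depends on `result->verified` alone, so a comment such as `// Advisory only: callers must check cert_data->server_name_verified themselves.` would make that explicit. The enclosing function begins outside this hunk.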