pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:306:
   // Decode the chain, verify each certificate and verify that the
   // chain is unbroken.
   mapping result = ([]);
   catch {
   result = Standards.X509.verify_certificate_chain(certs,
   context->trusted_issuers_cache,
   context->require_trust);
   };
+  if (session->server_name && sizeof(result->certificates || ({}))) {
+  array(Standards.X509.TBSCertificate) certs =
+  [array(Standards.X509.TBSCertificate)](result->certificates);
+  Standards.X509.TBSCertificate cert = certs[-1];
+  array(string) globs = Standards.PKCS.Certificate.
+  decode_distinguished_name(cert->subject)->commonNmae - ({ 0 });
+  if (cert->ext_subjectAltName_dNSName) {
+  globs += cert->ext_subjectAltName_dNSName;
+  }
+  result->server_name_verified = 0;
+  foreach(globs, string g) {
+  if (glob(g, session->server_name)) {
+  result->server_name_verified = 1;
+  break;
+  }
+  }
+  }
+
   // This data isn't actually used internally.
   session->cert_data = result;
   if(result->verified)
   return [array(Standards.X509.TBSCertificate)]result->certificates;
   return 0;
   }
   // Decodes certificate data. Leaves session->peer_certificate_chain
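Review bot: The added lookup indexes `->commonNmae`, a misspelling of `commonName`, so the subject CN presumably never reaches `globs` (and the `- ({ 0 })` on a missing value may fail outside the `catch`); the index should read `decode_distinguished_name(cert->subject)->commonName - ({ 0 })`. Separately, names taken from the peer certificate are handed to `glob()` as patterns, which is looser than hostname matching: `*` and `?` are not confined to a single DNS label and the comparison is case-sensitive, so a name such as `*.example.com` would presumably also accept `a.b.example.com`. The sketch below keeps the same flow but accepts `*` only as the whole left-most label, compares case-insensitively, and consults the CN only when no dNSName SAN is present. `server_name_verified` is set whether or not `result->verified` is true, so the comment above `session->cert_data` should state that callers have to check both fields. The enclosing function starts before this hunk.

```pike
  // … unchanged: certs / cert extraction from result->certificates …
  array(string) names = cert->ext_subjectAltName_dNSName || ({});
  if (!sizeof(names)) {
    // Consult the subject CN only when no dNSName SAN is present.
    names = Standards.PKCS.Certificate.
      decode_distinguished_name(cert->subject)->commonName - ({ 0 });
  }
  string host = lower_case(session->server_name);
  result->server_name_verified = 0;
  foreach(names, string name) {
    name = lower_case(name);
    // "*" counts only as the whole left-most label and stands for exactly
    // one label; every other character must match literally.
    if (name == host ||
        (has_prefix(name, "*.") &&
         sizeof(name / ".") == sizeof(host / ".") &&
         has_suffix(host, name[1..]))) {
      result->server_name_verified = 1;
      break;
    }
  }
```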