pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:272:    if(result->verified && session->server_name &&    sizeof([array](result->certificates || ({})))) {    array(Standards.X509.TBSCertificate) certs =    [array(Standards.X509.TBSCertificate)](result->certificates);    Standards.X509.TBSCertificate cert = certs[-1];    array(string) globs = Standards.PKCS.Certificate.    decode_distinguished_name(cert->subject)->commonName - ({ 0 });    if (cert->ext_subjectAltName_dNSName) {    globs += cert->ext_subjectAltName_dNSName;    } -  result->verified = glob(map(globs, lower_case), -  lower_case(session->server_name)); +  +  array(string) split_server_name = lower_case(session->server_name) / "."; +  +  result->verified = 0; +  + OUTER: foreach (map(globs, lower_case);; string the_glob) { +  array(string) split_glob = the_glob / "."; +  +  if (sizeof(split_glob) != sizeof(split_server_name)) +  continue; +  +  foreach (split_glob; int i; string the_glob) { +  if (!glob(the_glob, split_server_name[i])) +  continue OUTER;    }    -  +  result->verified = 1; +  break; +  } +  } +     return [int(0..1)](result->verified);   }      //! Do handshake processing. Type is one of HANDSHAKE_*, data is the   //! contents of the packet, and raw is the raw packet received (needed   //! for supporting SSLv2 hello messages).   //!   //! This function returns 0 if handshake is in progress, 1 if handshake   //! is finished, and -1 if a fatal error occurred. It uses the   //! send_packet() function to transmit packets.
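Review bot: The inner `foreach` still hands every label of the certificate name to `glob()`, so a wildcard is honoured in any position rather than only in the left-most label. A commonName or dNSName entry such as `www.*.com` or `*.*` would therefore set `result->verified = 1` for any server name with the same number of labels. RFC 6125 style matching compares all labels after the first literally, which could be done with `if (i ? (label != split_server_name[i]) : !glob(label, split_server_name[i])) continue OUTER;`. That inner loop also reuses `the_glob` as its variable name, shadowing the outer loop's variable; renaming it to `label` would make the two levels easier to tell apart. The enclosing function starts before the hunk, so whether `certs[-1]` is the leaf certificate cannot be confirmed from the lines shown.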