pike.git/lib/modules/SSL.pmod/Connection.pike:272:
if(result->verified && session->server_name && sizeof([array](result->certificates || ({})))) { array(Standards.X509.TBSCertificate) certs = [array(Standards.X509.TBSCertificate)](result->certificates); Standards.X509.TBSCertificate cert = certs[-1]; array(string) globs = Standards.PKCS.Certificate. decode_distinguished_name(cert->subject)->commonName - ({ 0 }); if (cert->ext_subjectAltName_dNSName) { globs += cert->ext_subjectAltName_dNSName; }
-
result->verified =
glob
(map(globs, lower_case)
,
-
lower
_
case
(
session->
server_name));
+
+
array(string) split_server_name = lower_case(session->server_name) / ".";
+
+
result->verified =
0;
+
+
OUTER: foreach
(map(globs, lower_case)
;; string the_glob) {
+
array(string)
split_glob
=
the_glob
/
".";
+
+
if
(sizeof(split_glob)
!=
sizeof(split_server_name))
+
continue;
+
+
foreach (split
_
glob; int i; string the_glob) {
+
if
(
!glob(the_glob, split_
server_name
[i]
))
+
continue OUTER
;
}
-
+
result->verified = 1;
+
break;
+
}
+
}
+
return [int(0..1)](result->verified); } //! Do handshake processing. Type is one of HANDSHAKE_*, data is the //! contents of the packet, and raw is the raw packet received (needed //! for supporting SSLv2 hello messages). //! //! This function returns 0 if handshake is in progress, 1 if handshake //! is finished, and -1 if a fatal error occurred. It uses the //! send_packet() function to transmit packets.
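Review bot: The inner `foreach` passes every label of the certificate name to `glob()`, so a wildcard is honoured in any position rather than only in the left-most label, which is where RFC 6125 confines it. A commonName or dNSName carrying `*` in a middle or right-hand label would therefore still set `result->verified = 1`. I would pattern-match only label 0 and compare the remaining labels literally, e.g. `if (i ? (the_glob != split_server_name[i]) : !glob(the_glob, split_server_name[i])) continue OUTER;`. Since `glob()` treats `?` as a metacharacter as well, it may be worth rejecting first labels that contain anything other than a single `*`. The inner loop variable `the_glob` also shadows the outer one and would read better as `label`; the enclosing function starts outside this hunk, so earlier checks are not visible here.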