narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[x509] Use case-insensitive comparison for certificate names 

DNS names are case-insensitive, and RFC 5280 (unlike RFC 3280)
mandates support for case-insensitive name comparison in X.509
certificates.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/373/head
Michael Brown 2021-05-18 11:46:28 +01:00
parent 661093054b
commit fc8bd4ba1a
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/crypto/x509.c
View File

@ -25,6 +25,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <errno.h>
#include <assert.h>
#include <ipxe/list.h>
@ -1464,7 +1465,7 @@ static int x509_check_dnsname ( struct x509_certificate *cert,
/* Compare names */
if ( ! ( ( strlen ( name ) == len ) &&
( memcmp ( name, dnsname, len ) == 0 ) ) )
( strncasecmp ( name, dnsname, len ) == 0 ) ) )
return -ENOENT;
if ( name != fullname ) {

1
src/tests/x509_test.c
View File

@ -1037,6 +1037,7 @@ static void x509_test_exec ( void ) {
/* Check certificate names */
x509_check_name_ok ( &server_crt, "boot.test.ipxe.org" );
x509_check_name_ok ( &server_crt, "demo.test.ipxe.org" );
x509_check_name_ok ( &server_crt, "demo.test.iPXE.org" );
x509_check_name_fail_ok ( &server_crt, "incorrect.test.ipxe.org" );
x509_check_name_ok ( &server_crt, "anything.alt.test.ipxe.org" );
x509_check_name_ok ( &server_crt, "wildcard.alt.test.ipxe.org" );