9201d1aa8a
This changeset addresses concerns about how the OpenSSLAdapter does certificate name matching. The current approach has a number of issues which are outlined in the bug description. The approach taken in this changeset is to use the standard function X509_check_host which should correctly parse the wildcard expansions and is directly supported in OpenSSL instead of attempting my own implementation. This changeset uses this as an opportunity to add additional parameter checking and refactoring logging code out of the main code path. Bug: webrtc:8888 Change-Id: Iaffe1daddcd52193ba674489f613ce8515b81e91 Reviewed-on: https://webrtc-review.googlesource.com/65022 Commit-Queue: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org> Reviewed-by: Emad Omara <emadomara@webrtc.org> Cr-Commit-Position: refs/heads/master@{#22755}
30 lines
986 B
C++
30 lines
986 B
C++
/*
|
|
* Copyright 2018 The WebRTC Project Authors. All rights reserved.
|
|
*
|
|
* Use of this source code is governed by a BSD-style license
|
|
* that can be found in the LICENSE file in the root of the source
|
|
* tree. An additional intellectual property rights grant can be found
|
|
* in the file PATENTS. All contributing project authors may
|
|
* be found in the AUTHORS file in the root of the source tree.
|
|
*/
|
|
|
|
#ifndef RTC_BASE_OPENSSLCOMMON_H_
|
|
#define RTC_BASE_OPENSSLCOMMON_H_
|
|
|
|
#include <string>
|
|
|
|
typedef struct ssl_st SSL;
|
|
|
|
namespace rtc {
|
|
// The openssl namespace holds static helper methods. All methods related
|
|
// to OpenSSL that are commonly used and don't require global state should be
|
|
// placed here.
|
|
namespace openssl {
|
|
// Verifies that the hostname provided matches that in the peer certificate
|
|
// attached to this SSL state.
|
|
bool VerifyPeerCertMatchesHost(SSL* ssl, const std::string& host);
|
|
} // namespace openssl
|
|
} // namespace rtc
|
|
|
|
#endif // RTC_BASE_OPENSSLCOMMON_H_
|