bool WiFiClientSecure::_verifyDN(const char* domain_name) { DEBUGV("domain name: '%s'\r\n", (domain_name)?domain_name:"(null)"); String domain_name_str(domain_name); domain_name_str.toLowerCase(); const char* san = nullptr; int i = 0; while ((san = ssl_get_cert_subject_alt_dnsname(*_ssl, i)) != nullptr) { String san_str(san); san_str.toLowerCase(); if (matchName(san_str, domain_name_str)) { return true; } DEBUGV("SAN %d: '%s', no match\r\n", i, san); ++i; } const char* common_name = ssl_get_cert_dn(*_ssl, SSL_X509_CERT_COMMON_NAME); String common_name_str(common_name); common_name_str.toLowerCase(); if (common_name && matchName(common_name_str, domain_name_str)) { return true; } DEBUGV("CN: '%s', no match\r\n", (common_name)?common_name:"(null)"); return false; }
bool WiFiClientSecure::verify(const char* fp, const char* domain_name) { if (!_ssl) return false; uint8_t sha1[20]; int len = strlen(fp); int pos = 0; for (size_t i = 0; i < sizeof(sha1); ++i) { while (pos < len && ((fp[pos] == ' ') || (fp[pos] == ':'))) { ++pos; } if (pos > len - 2) { DEBUGV("pos:%d len:%d fingerprint too short\r\n", pos, len); return false; } uint8_t high, low; if (!parseHexNibble(fp[pos], &high) || !parseHexNibble(fp[pos+1], &low)) { DEBUGV("pos:%d len:%d invalid hex sequence: %c%c\r\n", pos, len, fp[pos], fp[pos+1]); return false; } pos += 2; sha1[i] = low | (high << 4); } if (ssl_match_fingerprint(*_ssl, sha1) != 0) { DEBUGV("fingerprint doesn't match\r\n"); return false; } DEBUGV("domain name: '%s'\r\n", (domain_name)?domain_name:"(null)"); String domain_name_str(domain_name); domain_name_str.toLowerCase(); const char* san = NULL; int i = 0; while((san = ssl_get_cert_subject_alt_dnsname(*_ssl, i)) != NULL) { if (matchName(String(san), domain_name_str)) { return true; } DEBUGV("SAN %d: '%s', no match\r\n", i, san); ++i; } const char* common_name = ssl_get_cert_dn(*_ssl, SSL_X509_CERT_COMMON_NAME); if (common_name && matchName(String(common_name), domain_name_str)) { return true; } DEBUGV("CN: '%s', no match\r\n", (common_name)?common_name:"(null)"); return false; }