/**
 * Checks that the certificate presented by the server names the host we
 * intended to reach.
 *
 * Following RFC 6125, the Subject Alternative Name extension is consulted
 * first. The Common Name is used only as a fallback, and only when the SAN
 * check reports NoSANPresent; any other SAN outcome (match, mismatch,
 * malformed, error) is final and is returned as-is.
 *
 * This function compares names only. It does not verify the certificate
 * chain, so its result is meaningful only for a certificate the caller has
 * already validated. Callers should treat every result other than MatchFound
 * as a failed identity check.
 *
 * @param hostname     Expected server hostname; must not be NULL.
 * @param server_cert  Certificate presented by the server; must not be NULL.
 *
 * @return MatchFound if a match was found.
 *         MatchNotFound if no matches were found.
 *         MalformedCertificate if any of the hostnames in the certificate had
 *         an embedded NUL character (reported by the matching helpers).
 *         Error if either argument is NULL or a helper reported an error.
 */
HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert) {
    HostnameValidationResult outcome;

    /* Missing inputs are reported as Error, never as a match. */
    if (!hostname || !server_cert) {
        return Error;
    }

    /* SAN takes precedence over the Common Name. */
    outcome = matches_subject_alternative_name(hostname, server_cert);
    if (outcome != NoSANPresent) {
        return outcome;
    }

    /* No SAN extension in the certificate: fall back to the Common Name. */
    return matches_common_name(hostname, server_cert);
}
/**
 * Variant of the hostname check that takes the TLS connection and fetches
 * the peer certificate itself.
 *
 * The Subject Alternative Name extension is checked first; the Common Name
 * is consulted only when the SAN check reports NoSANPresent.
 *
 * This function compares names only and performs no chain verification.
 * Callers should treat any result other than a positive match as a failed
 * identity check; that includes the Error returned when the peer presented
 * no certificate.
 *
 * @param hostname  Expected server hostname; must not be NULL.
 * @param server    Established TLS connection; must not be NULL.
 *
 * @return Error if an argument is NULL or no peer certificate is available;
 *         otherwise the result reported by the matching helpers.
 */
int32_t validate_hostname(const char *hostname, const SSL *server) {
    X509 *peer_cert;
    int32_t verdict;

    if (!hostname) {
        return Error;
    }
    if (!server) {
        return Error;
    }

    /*
     * SSL_get_peer_certificate() hands back a reference that this function
     * owns; it is released with X509_free() before returning.
     * NOTE(review): OpenSSL 3.0 deprecates this name in favour of
     * SSL_get1_peer_certificate() - confirm which version the project targets.
     */
    peer_cert = SSL_get_peer_certificate(server);
    if (!peer_cert) {
        /* No certificate from the peer: nothing to validate against. */
        return Error;
    }

    verdict = matches_subject_alternative_name(hostname, peer_cert);
    if (verdict == NoSANPresent) {
        /* No SAN extension: fall back to the Common Name. */
        verdict = matches_common_name(hostname, peer_cert);
    }

    X509_free(peer_cert);
    return verdict;
}