/* Table-driven test for tsi_ssl_peer_matches_name().
 *
 * Each entry of cert_name_test_entries is turned into a tsi_peer, matched
 * against the entry's host_name, and the result is compared with the entry's
 * expected value. On the first mismatch the offending entry is logged and the
 * test fails through GPR_ASSERT(0). Both outcomes are checked this way:
 * names that must match and names that must be rejected. */
static void test_peer_matches_name(void) {
  const size_t entry_count = GPR_ARRAY_SIZE(cert_name_test_entries);
  size_t idx = 0;

  while (idx < entry_count) {
    const cert_name_test_entry *tc = &cert_name_test_entries[idx];
    tsi_peer peer = peer_from_cert_name_test_entry(tc);
    const int matched = tsi_ssl_peer_matches_name(&peer, tc->host_name);

    if (matched != tc->expected) {
      /* Log the failing table entry before asserting so that the log shows
       * which certificate/host pair misbehaved. */
      char *description = cert_name_test_entry_to_string(tc);
      gpr_log(GPR_ERROR, "%s", description);
      gpr_free(description);
      GPR_ASSERT(0); /* Unexpected result. */
    }

    tsi_peer_destruct(&peer);
    idx++;
  }
}
/* Checks whether peer_name is covered by the names in the peer's certificate.
 *
 * peer_name may carry a port: when it contains a ':' it is passed through
 * gpr_split_host_port() and only the host part is handed to
 * tsi_ssl_peer_matches_name(). Returns the result of that call, or 0 when the
 * split yields no host (the name is then treated as not matching).
 *
 * NOTE(review): any ':' triggers the split, so a bare IPv6 literal takes this
 * path too -- confirm gpr_split_host_port() handles that form as intended.
 * NOTE(review): peer_name is passed to strchr() without a NULL check; callers
 * are presumably expected to pass a non-NULL string -- confirm. */
static int ssl_host_matches_name(const tsi_peer *peer, const char *peer_name) {
  char *host_only = NULL;
  char *port_unused;
  int matched;

  /* No ':' means there is no port to strip; match the name as given. */
  if (strchr(peer_name, ':') == NULL) {
    return tsi_ssl_peer_matches_name(peer, peer_name);
  }

  /* Assumes gpr_split_host_port() always assigns *port (possibly NULL), since
   * it is freed unconditionally here -- TODO confirm. */
  gpr_split_host_port(peer_name, &host_only, &port_unused);
  gpr_free(port_unused);

  /* Fail closed: a name that could not be split never matches. */
  if (host_only == NULL) {
    return 0;
  }

  matched = tsi_ssl_peer_matches_name(peer, host_only);
  gpr_free(host_only);
  return matched;
}
/* Peer check for the httpcli SSL channel security connector (callback form).
 *
 * sc is cast to grpc_httpcli_ssl_channel_security_connector. If the connector
 * has a secure_peer_name, the peer's certificate must match it via
 * tsi_ssl_peer_matches_name(); a mismatch is logged and reported as
 * GRPC_SECURITY_ERROR. The outcome is delivered through cb(exec_ctx,
 * user_data, status, NULL), after which the peer is destructed.
 *
 * Security note: when secure_peer_name is NULL the name check is skipped and
 * GRPC_SECURITY_OK is reported, so this function performs no host name
 * verification in that case. Callers that rely on host name verification must
 * make sure the connector was created with a peer name. */
static void httpcli_ssl_check_peer(grpc_exec_ctx *exec_ctx,
                                   grpc_security_connector *sc, tsi_peer peer,
                                   grpc_security_peer_check_cb cb,
                                   void *user_data) {
  grpc_httpcli_ssl_channel_security_connector *connector =
      (grpc_httpcli_ssl_channel_security_connector *)sc;
  grpc_security_status status;

  /* Check the peer name. */
  if (connector->secure_peer_name == NULL ||
      tsi_ssl_peer_matches_name(&peer, connector->secure_peer_name)) {
    status = GRPC_SECURITY_OK;
  } else {
    gpr_log(GPR_ERROR, "Peer name %s is not in peer certificate",
            connector->secure_peer_name);
    status = GRPC_SECURITY_ERROR;
  }

  /* The callback runs before the peer is released. */
  cb(exec_ctx, user_data, status, NULL);
  tsi_peer_destruct(&peer);
}
/* Peer check for the httpcli SSL channel security connector (closure form).
 *
 * sc is cast to grpc_httpcli_ssl_channel_security_connector. If the connector
 * has a secure_peer_name, the peer's certificate must match it via
 * tsi_ssl_peer_matches_name(); on a mismatch an error carrying the message
 * "Peer name <name> is not in peer certificate" is created. on_peer_checked
 * is then scheduled with that error (GRPC_ERROR_NONE on success) and the peer
 * is destructed. auth_context is not written by this function.
 *
 * Security note: when secure_peer_name is NULL the name check is skipped and
 * GRPC_ERROR_NONE is reported, so this function performs no host name
 * verification in that case. Callers that rely on host name verification must
 * make sure the connector was created with a peer name. */
static void httpcli_ssl_check_peer(grpc_exec_ctx *exec_ctx,
                                   grpc_security_connector *sc, tsi_peer peer,
                                   grpc_auth_context **auth_context,
                                   grpc_closure *on_peer_checked) {
  grpc_httpcli_ssl_channel_security_connector *connector =
      (grpc_httpcli_ssl_channel_security_connector *)sc;
  grpc_error *result = GRPC_ERROR_NONE;

  /* Check the peer name. */
  if (connector->secure_peer_name != NULL) {
    if (!tsi_ssl_peer_matches_name(&peer, connector->secure_peer_name)) {
      char *description;
      gpr_asprintf(&description, "Peer name %s is not in peer certificate",
                   connector->secure_peer_name);
      /* The message buffer is freed right after the error is created, so
       * GRPC_ERROR_CREATE presumably keeps its own copy -- confirm. */
      result = GRPC_ERROR_CREATE(description);
      gpr_free(description);
    }
  }

  grpc_exec_ctx_sched(exec_ctx, on_peer_checked, result, NULL);
  tsi_peer_destruct(&peer);
}