diff options
Diffstat (limited to 'libsylph/ssl_hostname_validation.h')
| -rw-r--r-- | libsylph/ssl_hostname_validation.h | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/libsylph/ssl_hostname_validation.h b/libsylph/ssl_hostname_validation.h new file mode 100644 index 00000000..beade37f --- /dev/null +++ b/libsylph/ssl_hostname_validation.h @@ -0,0 +1,51 @@ +/* + * Helper functions to perform basic hostname validation using OpenSSL. + * + * Copyright (C) 2012, iSEC Partners. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + + use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is furnished to do + + so, subject to the following conditions: + + + + The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * Author: Alban Diquet + * + * https://github.com/iSECPartners/ssl-conservatory + * + * Modified naming convention to match LibSylph. + * + */ + +typedef enum { + SSL_HOSTNAME_MATCH_FOUND, + SSL_HOSTNAME_MATCH_NOT_FOUND, + SSL_HOSTNAME_NO_SAN_PRESENT, + SSL_HOSTNAME_MALFORMED_CERTIFICATE, + SSL_HOSTNAME_ERROR +} SSLHostnameValidationResult; + +/** +* Validates the server's identity by looking for the expected hostname in the +* server's certificate. As described in RFC 6125, it first tries to find a match +* in the Subject Alternative Name extension. If the extension is not present in +* the certificate, it checks the Common Name instead. +* +* Returns MatchFound if a match was found. +* Returns MatchNotFound if no matches were found. +* Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. +* Returns Error if there was an error. +*/ +SSLHostnameValidationResult ssl_validate_hostname(const char *hostname, const X509 *server_cert); |