1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
/*
* Helper functions to perform basic hostname validation using OpenSSL.
*
* Copyright (C) 2012, iSEC Partners.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
+ use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is furnished to do
+ so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* Author: Alban Diquet
*
* https://github.com/iSECPartners/ssl-conservatory
*
* Modified naming convention to match LibSylph.
*
*/
#ifndef __SSL_HOSTNAME_VALIDATION_H__
#define __SSL_HOSTNAME_VALIDATION_H__
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#if USE_SSL
#include <openssl/x509.h>
typedef enum {
SSL_HOSTNAME_MATCH_FOUND,
SSL_HOSTNAME_MATCH_NOT_FOUND,
SSL_HOSTNAME_NO_SAN_PRESENT,
SSL_HOSTNAME_MALFORMED_CERTIFICATE,
SSL_HOSTNAME_ERROR
} SSLHostnameValidationResult;
/**
* Validates the server's identity by looking for the expected hostname in the
* server's certificate. As described in RFC 6125, it first tries to find a match
* in the Subject Alternative Name extension. If the extension is not present in
* the certificate, it checks the Common Name instead.
*
* Returns MatchFound if a match was found.
* Returns MatchNotFound if no matches were found.
* Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it.
* Returns Error if there was an error.
*/
SSLHostnameValidationResult ssl_validate_hostname(const char *hostname, const X509 *server_cert);
#endif /* USE_SSL */
#endif /* __SSL_HOSTNAME_VALIDATION_H__ */
|
