falkTX
/
Carla
mirror of https://github.com/falkTX/Carla
1
0
Fork 0
Code Releases 42 Activity
Audio plugin host https://kx.studio/carla
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6887 Commits
16 Branches
16GB
Tree: 46a3761a71
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '46a3761a71'
${ noResults }
Carla/source/modules/hylia/link/asio/ssl/impl/rfc2818_verification.ipp

rfc2818_verification.ipp 4.5KB
Raw Normal View History

Import hylia/link code
7 years ago
Update hylia (link) sources, now builds with mingw
5 years ago
Import hylia/link code
7 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. //

  2. // ssl/impl/rfc2818_verification.ipp

  3. // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. //

  5. // Copyright (c) 2003-2019 Christopher M. Kohlhoff (chris at kohlhoff dot com)

  6. //

  7. // Distributed under the Boost Software License, Version 1.0. (See accompanying

  8. // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)

  9. //

  10. 

  11. #ifndef ASIO_SSL_IMPL_RFC2818_VERIFICATION_IPP

  12. #define ASIO_SSL_IMPL_RFC2818_VERIFICATION_IPP

  13. 

  14. #if defined(_MSC_VER) && (_MSC_VER >= 1200)

  15. # pragma once

  16. #endif // defined(_MSC_VER) && (_MSC_VER >= 1200)

  17. 

  18. #include "asio/detail/config.hpp"

  19. 

  20. #include <cctype>

  21. #include <cstring>

  22. #include "asio/ip/address.hpp"

  23. #include "asio/ssl/rfc2818_verification.hpp"

  24. #include "asio/ssl/detail/openssl_types.hpp"

  25. 

  26. #include "asio/detail/push_options.hpp"

  27. 

  28. namespace asio {

  29. namespace ssl {

  30. 

  31. bool rfc2818_verification::operator()(

  32.     bool preverified, verify_context& ctx) const

  33. {

  34.   using namespace std; // For memcmp.

  35. 

  36.   // Don't bother looking at certificates that have failed pre-verification.

  37.   if (!preverified)

  38.     return false;

  39. 

  40.   // We're only interested in checking the certificate at the end of the chain.

  41.   int depth = X509_STORE_CTX_get_error_depth(ctx.native_handle());

  42.   if (depth > 0)

  43.     return true;

  44. 

  45.   // Try converting the host name to an address. If it is an address then we

  46.   // need to look for an IP address in the certificate rather than a host name.

  47.   asio::error_code ec;

  48.   ip::address address = ip::make_address(host_, ec);

  49.   bool is_address = !ec;

  50. 

  51.   X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle());

  52. 

  53.   // Go through the alternate names in the certificate looking for matching DNS

  54.   // or IP address entries.

  55.   GENERAL_NAMES* gens = static_cast<GENERAL_NAMES*>(

  56.       X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0));

  57.   for (int i = 0; i < sk_GENERAL_NAME_num(gens); ++i)

  58.   {

  59.     GENERAL_NAME* gen = sk_GENERAL_NAME_value(gens, i);

  60.     if (gen->type == GEN_DNS && !is_address)

  61.     {

  62.       ASN1_IA5STRING* domain = gen->d.dNSName;

  63.       if (domain->type == V_ASN1_IA5STRING && domain->data && domain->length)

  64.       {

  65.         const char* pattern = reinterpret_cast<const char*>(domain->data);

  66.         std::size_t pattern_length = domain->length;

  67.         if (match_pattern(pattern, pattern_length, host_.c_str()))

  68.         {

  69.           GENERAL_NAMES_free(gens);

  70.           return true;

  71.         }

  72.       }

  73.     }

  74.     else if (gen->type == GEN_IPADD && is_address)

  75.     {

  76.       ASN1_OCTET_STRING* ip_address = gen->d.iPAddress;

  77.       if (ip_address->type == V_ASN1_OCTET_STRING && ip_address->data)

  78.       {

  79.         if (address.is_v4() && ip_address->length == 4)

  80.         {

  81.           ip::address_v4::bytes_type bytes = address.to_v4().to_bytes();

  82.           if (memcmp(bytes.data(), ip_address->data, 4) == 0)

  83.           {

  84.             GENERAL_NAMES_free(gens);

  85.             return true;

  86.           }

  87.         }

  88.         else if (address.is_v6() && ip_address->length == 16)

  89.         {

  90.           ip::address_v6::bytes_type bytes = address.to_v6().to_bytes();

  91.           if (memcmp(bytes.data(), ip_address->data, 16) == 0)

  92.           {

  93.             GENERAL_NAMES_free(gens);

  94.             return true;

  95.           }

  96.         }

  97.       }

  98.     }

  99.   }

  100.   GENERAL_NAMES_free(gens);

  101. 

  102.   // No match in the alternate names, so try the common names. We should only

  103.   // use the "most specific" common name, which is the last one in the list.

  104.   X509_NAME* name = X509_get_subject_name(cert);

  105.   int i = -1;

  106.   ASN1_STRING* common_name = 0;

  107.   while ((i = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)

  108.   {

  109.     X509_NAME_ENTRY* name_entry = X509_NAME_get_entry(name, i);

  110.     common_name = X509_NAME_ENTRY_get_data(name_entry);

  111.   }

  112.   if (common_name && common_name->data && common_name->length)

  113.   {

  114.     const char* pattern = reinterpret_cast<const char*>(common_name->data);

  115.     std::size_t pattern_length = common_name->length;

  116.     if (match_pattern(pattern, pattern_length, host_.c_str()))

  117.       return true;

  118.   }

  119. 

  120.   return false;

  121. }

  122. 

  123. bool rfc2818_verification::match_pattern(const char* pattern,

  124.     std::size_t pattern_length, const char* host)

  125. {

  126.   using namespace std; // For tolower.

  127. 

  128.   const char* p = pattern;

  129.   const char* p_end = p + pattern_length;

  130.   const char* h = host;

  131. 

  132.   while (p != p_end && *h)

  133.   {

  134.     if (*p == '*')

  135.     {

  136.       ++p;

  137.       while (*h && *h != '.')

  138.         if (match_pattern(p, p_end - p, h++))

  139.           return true;

  140.     }

  141.     else if (tolower(*p) == tolower(*h))

  142.     {

  143.       ++p;

  144.       ++h;

  145.     }

  146.     else

  147.     {

  148.       return false;

  149.     }

  150.   }

  151. 

  152.   return p == p_end && !*h;

  153. }

  154. 

  155. } // namespace ssl

  156. } // namespace asio

  157. 

  158. #include "asio/detail/pop_options.hpp"

  159. 

  160. #endif // ASIO_SSL_IMPL_RFC2818_VERIFICATION_IPP