From f6d232f1ac68fd52a69bb9a03995eaa6d7fde922 Mon Sep 17 00:00:00 2001 From: Ivan Grokhotkov Date: Mon, 22 May 2017 01:26:18 +0800 Subject: [PATCH] WiFiClientSecure: match CN and SANs ignoring case Some websites have certificates with uppercase letters in CN. This change makes _verifyDN function accept such certificates by converting all names to lower case before comparing them. Resolves #2978 --- libraries/ESP8266WiFi/src/WiFiClientSecure.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp index f0bfc2cf9..1cef85e08 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp @@ -521,14 +521,18 @@ bool WiFiClientSecure::_verifyDN(const char* domain_name) const char* san = NULL; int i = 0; while ((san = ssl_get_cert_subject_alt_dnsname(*_ssl, i)) != NULL) { - if (matchName(String(san), domain_name_str)) { + String san_str(san); + san_str.toLowerCase(); + if (matchName(san_str, domain_name_str)) { return true; } DEBUGV("SAN %d: '%s', no match\r\n", i, san); ++i; } const char* common_name = ssl_get_cert_dn(*_ssl, SSL_X509_CERT_COMMON_NAME); - if (common_name && matchName(String(common_name), domain_name_str)) { + String common_name_str(common_name); + common_name_str.toLowerCase(); + if (common_name && matchName(common_name_str, domain_name_str)) { return true; } DEBUGV("CN: '%s', no match\r\n", (common_name)?common_name:"(null)");