arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-19 23:22:16 +03:00
Code

WiFiClientSecure: match CN and SANs ignoring case

Browse Source 
Some websites have certificates with uppercase letters in CN. This change
makes _verifyDN function accept such certificates by converting all names
to lower case before comparing them.

Resolves #2978
This commit is contained in:
Ivan Grokhotkov 2017-05-22 01:26:18 +08:00 committed by Ivan Grokhotkov
parent a8e8ecb687
commit f6d232f1ac
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
View File

@ -521,14 +521,18 @@ bool WiFiClientSecure::_verifyDN(const char* domain_name)
const char* san = NULL; const char* san = NULL;
int i = 0; int i = 0;
while ((san = ssl_get_cert_subject_alt_dnsname(*_ssl, i)) != NULL) { while ((san = ssl_get_cert_subject_alt_dnsname(*_ssl, i)) != NULL) {
if (matchName(String(san), domain_name_str)) { String san_str(san);
san_str.toLowerCase();
if (matchName(san_str, domain_name_str)) {
return true; return true;
} }
DEBUGV("SAN %d: '%s', no match\r\n", i, san); DEBUGV("SAN %d: '%s', no match\r\n", i, san);
++i; ++i;
} }
const char* common_name = ssl_get_cert_dn(*_ssl, SSL_X509_CERT_COMMON_NAME); const char* common_name = ssl_get_cert_dn(*_ssl, SSL_X509_CERT_COMMON_NAME);
if (common_name && matchName(String(common_name), domain_name_str)) { String common_name_str(common_name);
common_name_str.toLowerCase();
if (common_name && matchName(common_name_str, domain_name_str)) {
return true; return true;
} }
DEBUGV("CN: '%s', no match\r\n", (common_name)?common_name:"(null)"); DEBUGV("CN: '%s', no match\r\n", (common_name)?common_name:"(null)");