ssl-verify-host: fix verifying ip addresses containing zero's (#732)

* ssl-verify-host: fix verifying ip addresses containing zero's If the subject alternate name contained an ip address with an zero (like 10.42.0.1) it could not successfully verify. It is because in c++ strings are null-terminated and therefore strlen(name) would return a wrong result. As I can not see why we can not trust the length returned by openssl, lets drop this check. * ssl-verify-host: add test case lets try to validate against 127.0.0.1 Co-authored-by: Daniel Ottiger <daniel.ottiger@ch.schindler.com>
2025-07-29 11:01:13 +03:00 · 2020-11-03 02:27:34 +01:00
parent eb1d2e04bc
commit 6e1879dfae
4 changed files with 37 additions and 9 deletions
--- a/test/Makefile
+++ b/test/Makefile
@ -24,6 +24,7 @@ test_proxy : test_proxy.cc ../httplib.h Makefile cert.pem
 cert.pem:
 	openssl genrsa 2048 > key.pem
 	openssl req -new -batch -config test.conf -key key.pem | openssl x509 -days 3650 -req -signkey key.pem > cert.pem
+	openssl req -x509 -config test.conf -key key.pem -sha256 -days 3650 -nodes -out cert2.pem -extensions SAN
 	openssl genrsa 2048 > rootCA.key.pem
 	openssl req -x509 -new -batch -config test.rootCA.conf -key rootCA.key.pem -days 1024 > rootCA.cert.pem
 	openssl genrsa 2048 > client.key.pem