crypt32: Implement wildcard domain name matching in subject alternative names.
parent
50ebc10da4
commit
c79aad51cd
|
@ -3035,7 +3035,31 @@ static BOOL match_dns_to_subject_alt_name(PCERT_EXTENSION ext,
|
||||||
{
|
{
|
||||||
TRACE_(chain)("dNSName: %s\n", debugstr_w(
|
TRACE_(chain)("dNSName: %s\n", debugstr_w(
|
||||||
subjectName->rgAltEntry[i].u.pwszDNSName));
|
subjectName->rgAltEntry[i].u.pwszDNSName));
|
||||||
if (!strcmpiW(server_name,
|
if (subjectName->rgAltEntry[i].u.pwszDNSName[0] == '*')
|
||||||
|
{
|
||||||
|
LPCWSTR server_name_dot;
|
||||||
|
|
||||||
|
/* Matching a wildcard: a wildcard matches a single name
|
||||||
|
* component, which is terminated by a dot. RFC 1034
|
||||||
|
* doesn't define whether multiple wildcards are allowed,
|
||||||
|
* but I will assume that they are not until proven
|
||||||
|
* otherwise. RFC 1034 also states that 'the "*" label
|
||||||
|
* always matches at least one whole label and sometimes
|
||||||
|
* more, but always whole labels.' Native crypt32 does not
|
||||||
|
* match more than one label with a wildcard, so I do the
|
||||||
|
* same here. Thus, a wildcard only accepts the first
|
||||||
|
* label, then requires an exact match of the remaining
|
||||||
|
* string.
|
||||||
|
*/
|
||||||
|
server_name_dot = strchrW(server_name, '.');
|
||||||
|
if (server_name_dot)
|
||||||
|
{
|
||||||
|
if (!strcmpiW(server_name_dot,
|
||||||
|
subjectName->rgAltEntry[i].u.pwszDNSName + 1))
|
||||||
|
matches = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (!strcmpiW(server_name,
|
||||||
subjectName->rgAltEntry[i].u.pwszDNSName))
|
subjectName->rgAltEntry[i].u.pwszDNSName))
|
||||||
matches = TRUE;
|
matches = TRUE;
|
||||||
}
|
}
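Review bot: The wildcard branch only checks that the entry's first character is `*` and that the text from the first dot of `server_name` equals the rest of the entry, so it places no constraint on how broad the pattern is or on the label being replaced. As written, an entry such as `*.com` would match any `host.com`, and a `server_name` that begins with a dot (an empty first label) would match `*.example.com`. Whether native crypt32 accepts these cases is not visible here, so confirm before tightening. The guard could become `if (server_name_dot && server_name_dot != server_name && strchrW(server_name_dot + 1, '.') && !strcmpiW(server_name_dot, subjectName->rgAltEntry[i].u.pwszDNSName + 1))`. The comment cites RFC 1034, which covers DNS zone wildcards; certificate name matching is described in RFC 2818 section 3.1 and RFC 6125 section 6.4.3, which the comment should reference instead. The body of match_dns_to_subject_alt_name starts and ends outside this hunk.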
|
||||||
|
|
|
@ -3818,7 +3818,7 @@ static const ChainPolicyCheck opensslPolicyCheckWithoutMatchingName = {
|
||||||
|
|
||||||
static const ChainPolicyCheck winehqPolicyCheckWithMatchingName = {
|
static const ChainPolicyCheck winehqPolicyCheckWithMatchingName = {
|
||||||
{ sizeof(chain29) / sizeof(chain29[0]), chain29 },
|
{ sizeof(chain29) / sizeof(chain29[0]), chain29 },
|
||||||
{ 0, 0, -1, -1, NULL}, NULL, TODO_ERROR
|
{ 0, 0, -1, -1, NULL}, NULL, 0
|
||||||
};
|
};
|
||||||
|
|
||||||
static const ChainPolicyCheck winehqPolicyCheckWithoutMatchingName = {
|
static const ChainPolicyCheck winehqPolicyCheckWithoutMatchingName = {
|
||||||
|
|