mirror of
https://github.com/pissnet/pissircd.git
synced 2024-06-05 07:48:44 +01:00
ac66a0fe12
(will be used in next commit)
81 lines
3.1 KiB
C
81 lines
3.1 KiB
C
#ifndef HEADER_CURL_HOSTCHECK_H
|
|
#define HEADER_CURL_HOSTCHECK_H
|
|
/* Obtained from cURL
|
|
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at http://curl.haxx.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
***************************************************************************/
|
|
|
|
#define CURL_HOST_NOMATCH 0
|
|
#define CURL_HOST_MATCH 1
|
|
int Curl_cert_hostcheck(const char *match_pattern, const char *hostname);
|
|
|
|
#endif /* HEADER_CURL_HOSTCHECK_H */
|
|
|
|
|
|
/* Obtained from: https://github.com/iSECPartners/ssl-conservatory */
|
|
|
|
/*
|
|
Copyright (C) 2012, iSEC Partners.
|
|
|
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
this software and associated documentation files (the "Software"), to deal in
|
|
the Software without restriction, including without limitation the rights to
|
|
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
|
of the Software, and to permit persons to whom the Software is furnished to do
|
|
so, subject to the following conditions:
|
|
|
|
The above copyright notice and this permission notice shall be included in all
|
|
copies or substantial portions of the Software.
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
SOFTWARE.
|
|
*/
|
|
|
|
/*
|
|
* Helper functions to perform basic hostname validation using OpenSSL.
|
|
*
|
|
* Please read "everything-you-wanted-to-know-about-openssl.pdf" before
|
|
* attempting to use this code. This whitepaper describes how the code works,
|
|
* how it should be used, and what its limitations are.
|
|
*
|
|
* Author: Alban Diquet
|
|
* License: See LICENSE
|
|
*
|
|
*/
|
|
|
|
typedef enum {
|
|
MatchFound,
|
|
MatchNotFound,
|
|
NoSANPresent,
|
|
MalformedCertificate,
|
|
Error
|
|
} HostnameValidationResult;
|
|
|
|
/**
|
|
* Validates the server's identity by looking for the expected hostname in the
|
|
* server's certificate. As described in RFC 6125, it first tries to find a match
|
|
* in the Subject Alternative Name extension. If the extension is not present in
|
|
* the certificate, it checks the Common Name instead.
|
|
*
|
|
* Returns MatchFound if a match was found.
|
|
* Returns MatchNotFound if no matches were found.
|
|
* Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it.
|
|
* Returns Error if there was an error.
|
|
*/
|
|
HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert);
|