The Inbox: SqueakSSL-Core-ul.30.mcz


commits-2
Levente Uzonyi uploaded a new version of SqueakSSL-Core to project The Inbox:
http://source.squeak.org/inbox/SqueakSSL-Core-ul.30.mcz

==================== Summary ====================

Name: SqueakSSL-Core-ul.30
Author: ul
Time: 26 May 2015, 11:25:11.058 pm
UUID: 0b33ea1e-9f1c-4e22-94f0-a4ac34d3982c
Ancestors: SqueakSSL-Core-ul.29

- Use the DNS names from the certificate's SAN extension (#subjectAltNameDNS) in #verifyCert:.
- Use case insensitive host name comparison in #verifyCert:.

=============== Diff against SqueakSSL-Core-ul.29 ===============

Item was added:
+ ----- Method: SecureSocketStream>>verify:matchesHost: (in category 'initialize') -----
+ verify: nameInCertificate matchesHost: hostName
+ "This comparison must be case insensitive."
+
+ | lowercaseNameInCertificate lowercaseHostName |
+ lowercaseNameInCertificate := nameInCertificate asLowercase.
+ lowercaseHostName := hostName asLowercase.
+ lowercaseNameInCertificate = lowercaseHostName ifTrue: [ ^true ].
+ "Check if it's a wildcard name."
+ (lowercaseNameInCertificate beginsWith: '*.') ifFalse: [ ^false ].
+ ^lowercaseHostName endsWith: lowercaseNameInCertificate allButFirst!
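Review bot: the wildcard branch on the last line (`^lowercaseHostName endsWith: lowercaseNameInCertificate allButFirst`) accepts any host name that ends with the suffix, so `*.example.com` matches `a.b.example.com` as well as `a.example.com`, and also a host name that is exactly `.example.com`. RFC 6125 limits the wildcard to the single left-most label. Consider also requiring that the part of lowercaseHostName before the suffix is non-empty and contains no `.`. The same branch accepts a certificate name such as `*.com`; rejecting wildcards whose suffix has fewer than two labels would cover that case.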

Item was changed:
  ----- Method: SecureSocketStream>>verifyCert: (in category 'initialize') -----
  verifyCert: hostName
  "Verifies the cert state and host name"
 
  | certFlags |
  certFlags := self certState.
  certFlags = -1
  ifTrue:[^self certError: 'No certificate was provided' code: -1].
  certFlags = 0
  ifFalse:[self certError: 'Invalid certificate' code: certFlags].
+ (self verify: ssl peerName matchesHost: hostName) ifTrue: [ ^self ].
+ ssl subjectAltNameDNS ifNotNil: [ :subjectAltNameDNS |
+ subjectAltNameDNS splitBy: ',' do: [ :alternateName |
+ (self verify: alternateName matchesHost: hostName) ifTrue: [ ^self ] ] ].
+ self certError: 'Host name mismatch' code: -1!
- (ssl peerName match: hostName)
- ifFalse:[self certError: 'Host name mismatch' code: -1].!
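Review bot: the added `ssl peerName` check runs before the SAN lookup and returns on its own, so the certificate's common name is accepted even when the SAN extension carries DNS names. RFC 6125 allows the CN only as a last resort when no DNS name is present in the SAN; consider checking `ssl subjectAltNameDNS` first and falling back to `ssl peerName` only when it is nil. Also, the entries produced by `splitBy: ','` are compared untrimmed, so if the primitive separates names with a comma followed by a space, every name after the first fails to match; trimming each alternateName before calling verify:matchesHost: would make this independent of the separator's exact form.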

Item was added:
+ ----- Method: SqueakSSL>>subjectAltNameDNS (in category 'accessing') -----
+ subjectAltNameDNS
+ "Returns a string containing the DNS names of the certificate's SAN extension, or nil if there are none.
+ The method only returns the names if the certificate has been verified."
+
+ ^self primitiveSSL: handle getStringProperty: 3!
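Review bot: the literal `3` in `getStringProperty: 3` is unexplained, and the method comment does not say how the returned names are delimited, although verifyCert: relies on a `,` separator. Name the property id (a constant or a comment identifying the plugin property) and document the separator, including whether whitespace follows it, so the caller's splitting stays in sync with the primitive.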