From be1c7e50e1e8809ea56f2c9d472eccd8ffd73a97 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 04:57:58 +0200 Subject: Adding upstream version 1.44.3. Signed-off-by: Daniel Baumann --- .../openssl/openssl_hostname_validation.h | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/openssl/openssl_hostname_validation.h (limited to 'web/server/h2o/libh2o/deps/ssl-conservatory/openssl/openssl_hostname_validation.h') diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/openssl/openssl_hostname_validation.h b/web/server/h2o/libh2o/deps/ssl-conservatory/openssl/openssl_hostname_validation.h new file mode 100644 index 00000000..ca4b9be9 --- /dev/null +++ b/web/server/h2o/libh2o/deps/ssl-conservatory/openssl/openssl_hostname_validation.h @@ -0,0 +1,40 @@ +/* + * Helper functions to perform basic hostname validation using OpenSSL. + * + * Please read "everything-you-wanted-to-know-about-openssl.pdf" before + * attempting to use this code. This whitepaper describes how the code works, + * how it should be used, and what its limitations are. + * + * Author: Alban Diquet + * License: See LICENSE + * + */ +#ifndef openssl_hostname_validation_h +#define openssl_hostname_validation_h + +#ifndef OPENSSL_HOSTNAME_VALIDATION_LINKAGE +#define OPENSSL_HOSTNAME_VALIDATION_LINKAGE extern +#endif + +typedef enum { + MatchFound, + MatchNotFound, + NoSANPresent, + MalformedCertificate, + Error +} HostnameValidationResult; + +/** +* Validates the server's identity by looking for the expected hostname in the +* server's certificate. As described in RFC 6125, it first tries to find a match +* in the Subject Alternative Name extension. If the extension is not present in +* the certificate, it checks the Common Name instead. +* +* Returns MatchFound if a match was found. +* Returns MatchNotFound if no matches were found. +* Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. +* Returns Error if there was an error. +*/ +OPENSSL_HOSTNAME_VALIDATION_LINKAGE HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert); + +#endif -- cgit v1.2.3