Diffstat (limited to 'ssl_verify.c')
-rw-r--r--ssl_verify.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/ssl_verify.c b/ssl_verify.c
index 7c263f8..9eda092 100644
--- a/ssl_verify.c
+++ b/ssl_verify.c
@@ -382,6 +382,21 @@ verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert,
}
#endif /* OPENSSL_VERSION_NUMBER */
+
+ /* verify X509 name or common name against --tls-remote */
+ if (opt->verify_x509name && strlen (opt->verify_x509name) > 0)
+ {
+ if (strcmp (opt->verify_x509name, subject) == 0
+ || strncmp (opt->verify_x509name, common_name, strlen (opt->verify_x509name)) == 0)
+ msg (D_HANDSHAKE, "VERIFY X509NAME OK: %s", subject);
+ else
+ {
+ msg (D_HANDSHAKE, "VERIFY X509NAME ERROR: %s, must be %s",
+ subject, opt->verify_x509name);
+ return 1; /* Reject connection */
+ }
+ }
+
return 0;
}
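Review bot: The common-name branch of the new check is a prefix match rather than an equality test, because `strncmp (opt->verify_x509name, common_name, strlen (opt->verify_x509name))` compares only as many bytes as the configured name holds. A configured value of `server` would therefore also accept a certificate whose CN is `server2` or `server.other.example` (constructed examples), provided it chains to the same CA. If prefix matching is intended for --tls-remote compatibility, state that in the comment above the check and in the option's documentation; otherwise compare the whole string with `|| strcmp (opt->verify_x509name, common_name) == 0`. The body of verify_peer_cert starts outside this hunk, so how `subject` and `common_name` are derived, and whether either can be NULL here, is not visible.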