author | Lukas Venhoda <lvenhoda@redhat.com> | 2015-10-22 14:22:21 +0200 |
---|---|---|
committer | Fabiano FidĂȘncio <fidencio@redhat.com> | 2015-10-23 11:07:58 +0200 |
commit | 9749e7ed14ded2b455395bc6db84519a8ec0cc7b (patch) | |
tree | 19ad37005f6ffcc5b75d7cd1a85cc73cf58f4240 /common | |
parent | 9b74e47ed34c297a51d7bbd108b822979895bb6c (diff) | |
ssl-verify: Changed IPv4 hostname to IPv6
Change inet_aton function to glib functions.
inet_aton only supported IPv4 addresses, and wasn't available on windows
machines. GInetAddress functions support IPv6 natively, and require less
boilerplate code than IPv6 getaddrinfo().
Diffstat (limited to 'common')
-rw-r--r-- | common/ssl_verify.c | 45 |
1 files changed, 21 insertions, 24 deletions
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index fe04409..867c54f 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -31,19 +31,7 @@
 #endif
 #include <ctype.h>
 #include <string.h>
-
-#ifdef WIN32
-static int inet_aton(const char* ip, struct in_addr* in_addr)
-{
- unsigned long addr = inet_addr(ip);
-
- if (addr == INADDR_NONE) {
- return 0;
- }
- in_addr->S_un.S_addr = addr;
- return 1;
-}
-#endif
+#include <gio/gio.h>
 static int verify_pubkey(X509* cert, const char *key, size_t key_size)
 {
@@ -202,20 +190,29 @@ static int verify_hostname(X509* cert, const char *hostname)
 return 1;
 }
 } else if (name->type == GEN_IPADD) {
- struct in_addr addr;
- int addr_len = 0;
- int alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
+ GInetAddress * alt_ip = NULL;
+ GInetAddress * ip = NULL;
+ gchar * alt_ip_string = NULL;
+ const guint8 * ip_binary = NULL;
+ int alt_ip_len = 0;
+ int ip_len = 0;
+
 found_dns_name = 1;
- // only IpV4 supported
- if (inet_aton(hostname, &addr)) {
- addr_len = sizeof(struct in_addr);
- }
+ ip = g_inet_address_new_from_string(hostname);
+ ip_len = g_inet_address_get_native_size(ip);
+ ip_binary = g_inet_address_to_bytes(ip);
+
+ alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
+
+ if ((ip_len == alt_ip_len) &&
+ (memcmp(ASN1_STRING_data(name->d.iPAddress), ip_binary, ip_len)) == 0) {
+ alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_data(name->d.iPAddress),
+ g_inet_address_get_family(ip));
+ alt_ip_string = g_inet_address_to_string(alt_ip);
+ spice_debug("alt name IP match=%s", alt_ip_string);
- if ((addr_len == alt_ip_len)&&
- !memcmp(ASN1_STRING_data(name->d.iPAddress), &addr, addr_len)) {
- spice_debug("alt name IP match=%s",
- inet_ntoa(*((struct in_addr*)ASN1_STRING_data(name->d.dNSName))));
+ g_free(alt_ip_string);
 GENERAL_NAMES_free(subject_alt_names);
 return 1;
 }
|
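Review bot: In the GEN_IPADD branch of verify_hostname, the result of `g_inet_address_new_from_string(hostname)` is used without a NULL check, although it is NULL whenever `hostname` is not an IP literal. GLib should then reject the `g_inet_address_get_native_size()` and `g_inet_address_to_bytes()` calls with a critical warning, leaving `ip_len` at 0 and `ip_binary` NULL. In that state a certificate iPAddress entry of length zero would pass both the length test and the `memcmp`, and the function would return 1 for a hostname that was never parsed as an address. Separately, neither `ip` nor `alt_ip` is released with `g_object_unref()` on the visible paths. The function starts and ends outside the hunk, so the non-match release shown after the block below may belong further down.

```c
ip = g_inet_address_new_from_string(hostname);
if (ip != NULL) {
    /* Only a successfully parsed address yields a non-zero length to compare. */
    ip_len = g_inet_address_get_native_size(ip);
    ip_binary = g_inet_address_to_bytes(ip);
}

alt_ip_len = ASN1_STRING_length(name->d.iPAddress);

if ((ip != NULL) && (ip_len == alt_ip_len) &&
    (memcmp(ASN1_STRING_data(name->d.iPAddress), ip_binary, ip_len)) == 0) {
    /* … unchanged: alt_ip construction and spice_debug … */
    g_free(alt_ip_string);
    g_object_unref(alt_ip);
    g_object_unref(ip);
    GENERAL_NAMES_free(subject_alt_names);
    return 1;
}
/* No match for this entry: drop the parsed address before moving on. */
g_clear_object(&ip);
```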