mirror of
https://github.com/matrix-construct/construct
synced 2024-11-29 02:02:38 +01:00
ircd::net: Add common_name(opts) consistent function to get proper CN.
This commit is contained in:
Jason Volk
parent
b0427fbb91
commit
273e22c50e
2 changed files with 21 additions and 11 deletions
|
|
@ -44,6 +44,9 @@ namespace ircd::net
|
|||
/// with it.
|
||||
struct ircd::net::open_opts
|
||||
{
|
||||
// Get the proper target CN from the options structure
|
||||
friend string_view common_name(const open_opts &);
|
||||
|
||||
open_opts() = default;
|
||||
open_opts(const net::ipport &ipport);
|
||||
open_opts(const net::hostport &hostport);
|
||||
|
|
@ -115,3 +118,9 @@ ircd::net::open_opts::open_opts(const net::remote &remote)
|
|||
:hostport{remote.hostname}
|
||||
,ipport{remote}
|
||||
{}
|
||||
|
||||
inline ircd::string_view
|
||||
ircd::net::common_name(const open_opts &opts)
|
||||
{
|
||||
return opts.common_name?: opts.hostport.host;
|
||||
}
|
||||
|
|
|
|||
23
ircd/net.cc
23
ircd/net.cc
|
|
@ -1158,7 +1158,7 @@ ircd::net::socket::handshake(const open_opts &opts,
|
|||
log.debug("socket(%p) performing handshake with %s for '%s' for the next %ld$ms",
|
||||
this,
|
||||
string(remote()),
|
||||
opts.common_name,
|
||||
common_name(opts),
|
||||
opts.handshake_timeout.count());
|
||||
|
||||
auto handshake_handler
|
||||
|
|
@ -1608,17 +1608,12 @@ noexcept try
|
|||
assert(vc.native_handle());
|
||||
const auto &stctx{*vc.native_handle()};
|
||||
const auto &cert{openssl::current_cert(stctx)};
|
||||
const auto required_common_name
|
||||
{
|
||||
opts.common_name? opts.common_name : opts.hostport.host
|
||||
};
|
||||
|
||||
const auto reject{[&stctx, &required_common_name]
|
||||
const auto reject{[&stctx, &opts]
|
||||
{
|
||||
throw inauthentic
|
||||
{
|
||||
"%s #%ld: %s",
|
||||
required_common_name,
|
||||
common_name(opts),
|
||||
openssl::get_error(stctx),
|
||||
openssl::get_error_string(stctx)
|
||||
};
|
||||
|
|
@ -1628,7 +1623,7 @@ noexcept try
|
|||
{
|
||||
char buf[256];
|
||||
log.warning("verify: %s /CN=%s :%s",
|
||||
required_common_name,
|
||||
common_name(opts),
|
||||
openssl::subject_common_name(buf, cert),
|
||||
openssl::get_error_string(stctx));
|
||||
}
|
||||
|
|
@ -1660,10 +1655,16 @@ noexcept try
|
|||
|
||||
if(opts.verify_common_name)
|
||||
{
|
||||
if(unlikely(empty(common_name(opts))))
|
||||
throw inauthentic
|
||||
{
|
||||
"No common name specified in connection options"
|
||||
};
|
||||
|
||||
//TODO: this object makes an std::string
|
||||
boost::asio::ssl::rfc2818_verification verifier
|
||||
{
|
||||
std::string(required_common_name)
|
||||
std::string(common_name(opts))
|
||||
};
|
||||
|
||||
if(!verifier(true, vc))
|
||||
|
|
@ -1673,7 +1674,7 @@ noexcept try
|
|||
{
|
||||
"/CN=%s does not match target host %s :%s",
|
||||
openssl::subject_common_name(buf, cert),
|
||||
required_common_name,
|
||||
common_name(opts),
|
||||
openssl::get_error_string(stctx)
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue