XRootD
Loading...
Searching...
No Matches
XrdTlsNotaryUtils.hh File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Enumerations

enum  HostnameValidationResult {
  MatchFound ,
  MatchNotFound ,
  NoSANPresent ,
  MalformedCertificate ,
  Error
}

Functions

HostnameValidationResult validate_hostname (const char *hostname, const X509 *server_cert)

Enumeration Type Documentation

◆ HostnameValidationResult

enum HostnameValidationResult
Enumerator
MatchFound 
MatchNotFound 
NoSANPresent 
MalformedCertificate 
Error 

Definition at line 37 of file XrdTlsNotaryUtils.hh.

37 {
38 MatchFound,
39 MatchNotFound,
40 NoSANPresent,
41 MalformedCertificate,
42 Error
43} HostnameValidationResult;
HostnameValidationResult
HostnameValidationResult
Definition XrdTlsNotaryUtils.hh:37
MatchNotFound
@ MatchNotFound
Definition XrdTlsNotaryUtils.hh:39
NoSANPresent
@ NoSANPresent
Definition XrdTlsNotaryUtils.hh:40
MalformedCertificate
@ MalformedCertificate
Definition XrdTlsNotaryUtils.hh:41
MatchFound
@ MatchFound
Definition XrdTlsNotaryUtils.hh:38

Function Documentation

◆ validate_hostname()

HostnameValidationResult validate_hostname ( const char * hostname,
const X509 * server_cert )

Validates the server's identity by looking for the expected hostname in the server's certificate. As described in RFC 6125, it first tries to find a match in the Subject Alternative Name extension. If the extension is not present in the certificate, it checks the Common Name instead.

Returns MatchFound if a match was found. Returns MatchNotFound if no matches were found. Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. Returns Error if there was an error.

Definition at line 159 of file XrdTlsNotaryUtils.icc.

159 {
160 HostnameValidationResult result;
161
162 if((hostname == NULL) || (server_cert == NULL))
163 return Error;
164
165 // First try the Subject Alternative Names extension
166 result = matches_subject_alternative_name(hostname, server_cert);
167 if (result == NoSANPresent) {
168 // Extension was not found: try the Common Name
169 result = matches_common_name(hostname, server_cert);
170 }
171
172 return result;
173}
matches_common_name
static HostnameValidationResult matches_common_name(const char *hostname, const X509 *server_cert)
Definition XrdTlsNotaryUtils.icc:57
matches_subject_alternative_name
static HostnameValidationResult matches_subject_alternative_name(const char *hostname, const X509 *server_cert)
Definition XrdTlsNotaryUtils.icc:105

References Error, matches_common_name(), matches_subject_alternative_name(), and NoSANPresent.

Here is the call graph for this function: