[squeak-dev] The Inbox: SqueakSSL-Core-ul.30.mcz

commits at source.squeak.org
Tue May 26 21:27:12 UTC 2015


Levente Uzonyi uploaded a new version of SqueakSSL-Core to project The Inbox:
http://source.squeak.org/inbox/SqueakSSL-Core-ul.30.mcz

==================== Summary ====================

Name: SqueakSSL-Core-ul.30
Author: ul
Time: 26 May 2015, 11:25:11.058 pm
UUID: 0b33ea1e-9f1c-4e22-94f0-a4ac34d3982c
Ancestors: SqueakSSL-Core-ul.29

- Use the DNS names from the certificate's SAN extension (#subjectAltNameDNS) in #verifyCert:.
- Use case insensitive host name comparison in #verifyCert:.

=============== Diff against SqueakSSL-Core-ul.29 ===============

Item was added:
+ ----- Method: SecureSocketStream>>verify:matchesHost: (in category 'initialize') -----
+ verify: nameInCertificate matchesHost: hostName
+ 	"This comparison must be case insensitive."
+ 
+ 	| lowercaseNameInCertificate lowercaseHostName |
+ 	lowercaseNameInCertificate := nameInCertificate asLowercase.
+ 	lowercaseHostName := hostName asLowercase.
+ 	lowercaseNameInCertificate = lowercaseHostName ifTrue: [ ^true ].
+ 	"Check if it's a wildcard name."
+ 	(lowercaseNameInCertificate beginsWith: '*.') ifFalse: [ ^false ].
+ 	^lowercaseHostName endsWith: lowercaseNameInCertificate allButFirst!
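
Review bot: the wildcard branch on the last line of verify:matchesHost: accepts more than one label. "lowercaseHostName endsWith: lowercaseNameInCertificate allButFirst" only compares the suffix, so a certificate name of '*.example.com' matches 'a.b.example.com' and also the host '.example.com' with an empty first label. RFC 6125 limits the wildcard to a single left-most label; suggest also checking that the part of hostName in front of the suffix is non-empty and contains no '.'.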

Item was changed:
  ----- Method: SecureSocketStream>>verifyCert: (in category 'initialize') -----
  verifyCert: hostName
  	"Verifies the cert state and host name"
  
  	| certFlags |
  	certFlags := self certState.
  	certFlags = -1 
  		ifTrue:[^self certError: 'No certificate was provided' code: -1].
  	certFlags = 0 
  		ifFalse:[self certError: 'Invalid certificate' code: certFlags].
+ 	(self verify: ssl peerName matchesHost: hostName) ifTrue: [ ^self ].
+ 	ssl subjectAltNameDNS ifNotNil: [ :subjectAltNameDNS |
+ 		subjectAltNameDNS splitBy: ',' do: [ :alternateName |
+ 			(self verify: alternateName matchesHost: hostName) ifTrue: [ ^self ] ] ].
+ 	self certError: 'Host name mismatch' code: -1!
- 	(ssl peerName match: hostName) 
- 		ifFalse:[self certError: 'Host name mismatch' code: -1].!
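
Review bot: in verifyCert: the common name (ssl peerName) is tested first and can accept the host even when the certificate carries SAN DNS names; RFC 6125 says the CN is to be consulted only when no dNSName SAN entries are present. Suggest testing ssl subjectAltNameDNS first and falling back to peerName only when it is nil. The entries produced by "splitBy: ','" are also passed on untrimmed, so if the string uses ', ' as separator every name after the first carries a leading space and never matches; trimming each alternateName before the comparison would make this robust.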

Item was added:
+ ----- Method: SqueakSSL>>subjectAltNameDNS (in category 'accessing') -----
+ subjectAltNameDNS
+ 	"Returns a string containing the DNS names of the certificate's SAN extension, or nil if there are none.
+ 	The method only returns the names if the certificate has been verified."
+ 
+ 	^self primitiveSSL: handle getStringProperty: 3!
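
Review bot: the method comment on subjectAltNameDNS does not state the format of the returned string, while verifyCert: relies on the names being separated by ','; please document the separator here. The literal 3 passed to primitiveSSL:getStringProperty: would also be easier to review as a named constant or with a comment saying which property it selects.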
