libp2p/go-openssl
1
0
Fork 0
mirror of https://github.com/libp2p/go-openssl.git synced 2025-03-10 11:10:23 +08:00
Code Issues Projects Releases Wiki Activity

Fix hostname validation with an IPv4 SAN

Browse Source 
Go can use 16 bytes to store an IPv4 address in a net.IP so it needs to
be converted to a 4-byte representation first.
This commit is contained in:
Andrew Harding 2018-04-17 08:51:22 -06:00
parent 2df7e68102
commit 85c7f475b6
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hostname.go
View File

@ -95,6 +95,12 @@ func (c *Certificate) CheckEmail(email string, flags CheckFlags) error {
// Specifically returns ValidationError if the Certificate didn't match but // Specifically returns ValidationError if the Certificate didn't match but
// there was no internal error. // there was no internal error.
func (c *Certificate) CheckIP(ip net.IP, flags CheckFlags) error { func (c *Certificate) CheckIP(ip net.IP, flags CheckFlags) error {
// X509_check_ip will fail to validate the 16-byte representation of an IPv4
// address, so convert to the 4-byte representation.
if ip4 := ip.To4(); ip4 != nil {
ip = ip4
}
cip := unsafe.Pointer(&ip[0]) cip := unsafe.Pointer(&ip[0])
rv := C.X509_check_ip(c.x, (*C.uchar)(cip), C.size_t(len(ip)), rv := C.X509_check_ip(c.x, (*C.uchar)(cip), C.size_t(len(ip)),
C.uint(flags)) C.uint(flags))