/* Obtained from: https://github.com/iSECPartners/ssl-conservatory */

/*
Copyright (C) 2012, iSEC Partners.

Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/

/*
 * Helper functions to perform basic hostname validation using OpenSSL.
 *
 * Please read "everything-you-wanted-to-know-about-openssl.pdf" before
 * attempting to use this code. This whitepaper describes how the code works,
 * how it should be used, and what its limitations are.
 *
 * Author:  Alban Diquet
 * License: See LICENSE
 *
 */

#include <openssl/x509.h>	/* X509, used in the prototype below */

typedef enum {
	MatchFound,
	MatchNotFound,
	NoSANPresent,
	MalformedCertificate,
	Error
} HostnameValidationResult;

/**
 * Validates the server's identity by looking for the expected hostname in the
 * server's certificate. As described in RFC 6125, it first tries to find a match
 * in the Subject Alternative Name extension. If the extension is not present in
 * the certificate, it checks the Common Name instead.
 *
 * Returns MatchFound if a match was found.
 * Returns MatchNotFound if no matches were found.
 * Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it.
 * Returns Error if there was an error.
 */
HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert);
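
The decision order documented for validate_hostname() above, as an added example that is not part of the original file or of ssl-conservatory: SAN entries win over the Common Name whenever any are present, and a name with an embedded NUL is reported as malformed rather than compared. It does not use OpenSSL; `cert_name`, the `Demo*` result values, `demo_validate` and the sample names are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for one name taken from a certificate: raw bytes plus
 * the length recorded in the encoding, which can be longer than strlen(). */
typedef struct { const char *data; size_t len; } cert_name;
#define NAME(s) { s, sizeof(s) - 1 }   /* constructed sample names only */

typedef enum { DemoMatchFound, DemoMatchNotFound, DemoMalformedCertificate } demo_result;

/* ASCII case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Check every name in a list; one malformed entry fails the whole list. */
static demo_result check_list(const cert_name *names, size_t count, const char *hostname)
{
    demo_result result = DemoMatchNotFound;
    size_t host_len = strlen(hostname);
    for (size_t i = 0; i < count; i++) {
        /* A NUL inside the encoded name would truncate a C-string compare,
         * so "good.example\0.evil.test" must not be treated as "good.example". */
        if (memchr(names[i].data, '\0', names[i].len) != NULL)
            return DemoMalformedCertificate;
        if (names[i].len == host_len && eq_nocase(names[i].data, hostname, host_len))
            result = DemoMatchFound;
    }
    return result;
}

/* SAN first; the Common Name is consulted only when no SAN entry exists. */
demo_result demo_validate(const cert_name *san, size_t san_count,
                          const cert_name *cn, const char *hostname)
{
    if (san_count > 0)
        return check_list(san, san_count, hostname);
    if (cn == NULL)
        return DemoMatchNotFound;
    return check_list(cn, 1, hostname);
}
```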