LibCrypto: Certificate parse IP address SAN

Subject alternative name entries containing IP addresses will now be
parsed and added to the list of SANs. This should allow for certificate
verification when accessing IP addresses directly.
Michiel Visser 2022-02-23 18:22:30 +01:00 committed by Ali Mohammad Pur
parent 7bc3b193c0
commit be654dad8a
Notes: sideshowbarker 2024-07-17 11:44:45 +09:00


@ -6,6 +6,7 @@
#include "Certificate.h"
#include <AK/Debug.h>
#include <AK/IPv4Address.h>
#include <LibCrypto/ASN1/ASN1.h>
#include <LibCrypto/ASN1/DER.h>
#include <LibCrypto/ASN1/PEM.h>
@ -441,11 +442,13 @@ Optional<Certificate> Certificate::parse_asn1(ReadonlyBytes buffer, bool)
certificate.SAN.append(name);
break;
}
case 7:
case 7: {
// IP Address
// We can't handle these.
DROP_OBJECT_OR_FAIL("Certificate::TBSCertificate::Extensions::$::Extension::extension_value::SubjectAlternativeName::$::IPAddress");
READ_OBJECT_OR_FAIL(OctetString, StringView, ip_addr_sv, "Certificate::TBSCertificate::Extensions::$::Extension::extension_value::SubjectAlternativeName::$::IPAddress");
IPv4Address ip_addr { ip_addr_sv.bytes().data() };
certificate.SAN.append(ip_addr.to_string());
break;
}
case 8:
// Registered ID
// We can't handle these.
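Review bot: The length of the decoded octet string is never checked before `IPv4Address ip_addr { ip_addr_sv.bytes().data() };` in the new `case 7` body, although an iPAddress SAN may hold 4 bytes (IPv4) or 16 bytes (IPv6), and a malformed certificate may hold any other length. Assuming the `IPv4Address` constructor reads four bytes from the pointer it is given, an entry shorter than four bytes is read past its end, and a 16-byte IPv6 entry is added to `certificate.SAN` as an unrelated IPv4 address built from its first four bytes. Since this list feeds certificate verification, I would skip anything that is not exactly four bytes until IPv6 is handled, for example `if (ip_addr_sv.length() != 4) break;` placed right after the `READ_OBJECT_OR_FAIL` line. `Certificate::parse_asn1` starts and ends outside this hunk, so how the SAN strings are later matched against a host is not visible here.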