ssl/impl/host_name_verification.ipp

0001 //
0002 // ssl/impl/host_name_verification.ipp
0003 // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0004 //
0005 // Copyright (c) 2003-2023 Christopher M. Kohlhoff (chris at kohlhoff dot com)
0006 //
0007 // Distributed under the Boost Software License, Version 1.0. (See accompanying
0008 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
0009 //
0010
0011 #ifndef BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP
0012 #define BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP
0013
0014 #if defined(_MSC_VER) && (_MSC_VER >= 1200)
0015 # pragma once
0016 #endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
0017
0018 #include <boost/asio/detail/config.hpp>
0019
0020 #include <cctype>
0021 #include <cstring>
0022 #include <boost/asio/ip/address.hpp>
0023 #include <boost/asio/ssl/host_name_verification.hpp>
0024 #include <boost/asio/ssl/detail/openssl_types.hpp>
0025
0026 #include <boost/asio/detail/push_options.hpp>
0027
0028 namespace boost {
0029 namespace asio {
0030 namespace ssl {
0031
0032 bool host_name_verification::operator()(
0033     bool preverified, verify_context& ctx) const
0034 {
0035   using namespace std; // For memcmp.
0036
0037   // Don't bother looking at certificates that have failed pre-verification.
0038   if (!preverified)
0039     return false;
0040
0041   // We're only interested in checking the certificate at the end of the chain.
0042   int depth = X509_STORE_CTX_get_error_depth(ctx.native_handle());
0043   if (depth > 0)
0044     return true;
0045
0046   // Try converting the host name to an address. If it is an address then we
0047   // need to look for an IP address in the certificate rather than a host name.
0048   boost::system::error_code ec;
0049   ip::address address = ip::make_address(host_, ec);
0050   const bool is_address = !ec;
0051   (void)address;
0052
0053   X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle());
0054
0055   if (is_address)
0056   {
0057     return X509_check_ip_asc(cert, host_.c_str(), 0) == 1;
0058   }
0059   else
0060   {
0061     char* peername = 0;
0062     const int result = X509_check_host(cert,
0063         host_.c_str(), host_.size(), 0, &peername);
0064     OPENSSL_free(peername);
0065     return result == 1;
0066   }
0067 }
0068
0069 } // namespace ssl
0070 } // namespace asio
0071 } // namespace boost
0072
0073 #include <boost/asio/detail/pop_options.hpp>
0074
0075 #endif // BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP