mirror of
https://github.com/ruby/ruby.git
synced 2025-08-15 13:39:04 +02:00
* ext/openssl/lib/openssl/ssl-internal.rb (OpenSSL::SSL#verify_certificate_identity):
fix hostname verification. Patch by nahi. * test/openssl/test_ssl.rb (OpenSSL#test_verify_certificate_identity): test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@41676 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
shyouhei
parent
eca9bf617a
commit
961bf7496d
4 changed files with 49 additions and 10 deletions
|
|
@ -1,3 +1,11 @@
|
|||
Thu Jun 27 20:21:18 2013 URABE Shyouhei <shyouhei@ruby-lang.org>
|
||||
|
||||
* ext/openssl/lib/openssl/ssl-internal.rb (OpenSSL::SSL#verify_certificate_identity):
|
||||
fix hostname verification. Patch by nahi.
|
||||
|
||||
* test/openssl/test_ssl.rb (OpenSSL#test_verify_certificate_identity):
|
||||
test for above.
|
||||
|
||||
Sat May 18 23:34:50 2013 Kouhei Sutou <kou@cozmixng.org>
|
||||
|
||||
* lib/rexml/document.rb: move entity_expansion_text_limit accessor to ...
|
||||
|
|
|
|||
|
|
@ -90,14 +90,22 @@ module OpenSSL
|
|||
should_verify_common_name = true
|
||||
cert.extensions.each{|ext|
|
||||
next if ext.oid != "subjectAltName"
|
||||
ext.value.split(/,\s+/).each{|general_name|
|
||||
if /\ADNS:(.*)/ =~ general_name
|
||||
id, ostr = OpenSSL::ASN1.decode(ext.to_der).value
|
||||
sequence = OpenSSL::ASN1.decode(ostr.value)
|
||||
sequence.value.each{|san|
|
||||
case san.tag
|
||||
when 2 # dNSName in GeneralName (RFC5280)
|
||||
should_verify_common_name = false
|
||||
reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
|
||||
reg = Regexp.escape(san.value).gsub(/\\\*/, "[^.]+")
|
||||
return true if /\A#{reg}\z/i =~ hostname
|
||||
elsif /\AIP Address:(.*)/ =~ general_name
|
||||
when 7 # iPAddress in GeneralName (RFC5280)
|
||||
should_verify_common_name = false
|
||||
return true if $1 == hostname
|
||||
# follows GENERAL_NAME_print() in x509v3/v3_alt.c
|
||||
if san.value.size == 4
|
||||
return true if san.value.unpack('C*').join('.') == hostname
|
||||
elsif san.value.size == 16
|
||||
return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
|
||||
end
|
||||
end
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -547,6 +547,29 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
|
|||
ssl.close
|
||||
}
|
||||
end
|
||||
|
||||
def test_verify_certificate_identity
|
||||
# creating NULL byte SAN certificate
|
||||
ef = OpenSSL::X509::ExtensionFactory.new
|
||||
cert = OpenSSL::X509::Certificate.new
|
||||
cert.subject = OpenSSL::X509::Name.parse "/DC=some/DC=site/CN=Some Site"
|
||||
ext = ef.create_ext('subjectAltName', 'DNS:placeholder,IP:192.168.7.1,IP:13::17')
|
||||
ext_asn1 = OpenSSL::ASN1.decode(ext.to_der)
|
||||
san_list_der = ext_asn1.value.reduce(nil) { |memo,val| val.tag == 4 ? val.value : memo }
|
||||
san_list_asn1 = OpenSSL::ASN1.decode(san_list_der)
|
||||
san_list_asn1.value[0].value = 'www.example.com\0.evil.com'
|
||||
ext_asn1.value[1].value = san_list_asn1.to_der
|
||||
real_ext = OpenSSL::X509::Extension.new ext_asn1
|
||||
cert.add_extension(real_ext)
|
||||
|
||||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com'))
|
||||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com\0.evil.com'))
|
||||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255'))
|
||||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1'))
|
||||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
|
||||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13:0:0:0:0:0:0:17'))
|
||||
end
|
||||
L
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
|||
10
version.h
10
version.h
|
|
@ -1,15 +1,15 @@
|
|||
#define RUBY_VERSION "1.8.7"
|
||||
#define RUBY_RELEASE_DATE "2013-05-18"
|
||||
#define RUBY_RELEASE_DATE "2013-06-27"
|
||||
#define RUBY_VERSION_CODE 187
|
||||
#define RUBY_RELEASE_CODE 20130518
|
||||
#define RUBY_PATCHLEVEL 372
|
||||
#define RUBY_RELEASE_CODE 20130627
|
||||
#define RUBY_PATCHLEVEL 373
|
||||
|
||||
#define RUBY_VERSION_MAJOR 1
|
||||
#define RUBY_VERSION_MINOR 8
|
||||
#define RUBY_VERSION_TEENY 7
|
||||
#define RUBY_RELEASE_YEAR 2013
|
||||
#define RUBY_RELEASE_MONTH 5
|
||||
#define RUBY_RELEASE_DAY 18
|
||||
#define RUBY_RELEASE_MONTH 6
|
||||
#define RUBY_RELEASE_DAY 27
|
||||
|
||||
#ifdef RUBY_EXTERN
|
||||
RUBY_EXTERN const char ruby_version[];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue