ceph/src/boost/boost/asio/ssl/impl/host_name_verification.ipp

   1 //
   2 // ssl/impl/host_name_verification.ipp
   3 // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   4 //
   5 // Copyright (c) 2003-2022 Christopher M. Kohlhoff (chris at kohlhoff dot com)
   6 //
   7 // Distributed under the Boost Software License, Version 1.0. (See accompanying
   8 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
   9 //
  10
  11 #ifndef BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP
  12 #define BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP
  13
  14 #if defined(_MSC_VER) && (_MSC_VER >= 1200)
  15 # pragma once
  16 #endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
  17
  18 #include <boost/asio/detail/config.hpp>
  19
  20 #include <cctype>
  21 #include <cstring>
  22 #include <boost/asio/ip/address.hpp>
  23 #include <boost/asio/ssl/host_name_verification.hpp>
  24 #include <boost/asio/ssl/detail/openssl_types.hpp>
  25
  26 #include <boost/asio/detail/push_options.hpp>
  27
  28 namespace boost {
  29 namespace asio {
  30 namespace ssl {
  31
  32 bool host_name_verification::operator()(
  33     bool preverified, verify_context& ctx) const
  34 {
  35   using namespace std; // For memcmp.
  36
  37   // Don't bother looking at certificates that have failed pre-verification.
  38   if (!preverified)
  39     return false;
  40
  41   // We're only interested in checking the certificate at the end of the chain.
  42   int depth = X509_STORE_CTX_get_error_depth(ctx.native_handle());
  43   if (depth > 0)
  44     return true;
  45
  46   // Try converting the host name to an address. If it is an address then we
  47   // need to look for an IP address in the certificate rather than a host name.
  48   boost::system::error_code ec;
  49   ip::address address = ip::make_address(host_, ec);
  50   const bool is_address = !ec;
  51   (void)address;
  52
  53   X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle());
  54
  55   if (is_address)
  56   {
  57     return X509_check_ip_asc(cert, host_.c_str(), 0) == 1;
  58   }
  59   else
  60   {
  61     char* peername = 0;
  62     const int result = X509_check_host(cert,
  63         host_.c_str(), host_.size(), 0, &peername);
  64     OPENSSL_free(peername);
  65     return result == 1;
  66   }
  67 }
  68
  69 } // namespace ssl
  70 } // namespace asio
  71 } // namespace boost
  72
  73 #include <boost/asio/detail/pop_options.hpp>
  74
  75 #endif // BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP