Implement the Ssl::CommonHostName name to return the CN from a certificate,
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Thu, 22 Dec 2011 15:23:33 +0000 (17:23 +0200)
committerChristos Tsantilas <chtsanti@users.sourceforge.net>
Thu, 22 Dec 2011 15:23:33 +0000 (17:23 +0200)
suitable for use as a host name.
Use this function to set the ConnStateData::sslHostName in ConnStateData::httpsPeeked method

src/client_side.cc
src/ssl/support.cc
src/ssl/support.h

index 4dec7a811302360b5ed59e1c2e9fb18796aa4597..2df6815fe05448bf906481f392dc47091f134896 100644 (file)
@@ -3716,16 +3716,10 @@ ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection)
         assert(ssl);
         Ssl::X509_Pointer serverCert(SSL_get_peer_certificate(ssl));
         assert(serverCert.get() != NULL);
-
-        char name[256] = ""; // stores common name (CN)
-        // TODO: What if CN is a UTF8String? See X509_NAME_get_index_by_NID(3ssl).
-        const int nameLen = X509_NAME_get_text_by_NID(
-            X509_get_subject_name(serverCert.get()),
-            NID_commonName,  name, sizeof(name));
-        assert(0 < nameLen && nameLen < static_cast<int>(sizeof(name)));
-        debugs(33, 5, HERE << "found HTTPS server " << name << " at bumped " <<
+        sslHostName = Ssl::CommonHostName(serverCert.get());
+        assert(sslHostName.defined());
+        debugs(33, 5, HERE << "found HTTPS server " << sslHostName << " at bumped " <<
                *serverConnection);
-        sslHostName = name;
 
         pinConnection(serverConnection, NULL, NULL, false);
 
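Review bot: `assert(sslHostName.defined())` on the line after the CommonHostName call aborts the whole process when the peer's certificate has no commonName, and that certificate is supplied by the remote server, not by local configuration; a SAN-only certificate is valid and the new helper returns NULL for it by design. The old inline code asserted as well, so this is not a regression, but now that the helper reports a missing CN as NULL the caller can degrade instead of crash: e.g. `if (!sslHostName.defined()) { debugs(33, DBG_IMPORTANT, "HTTPS server at " << *serverConnection << " has no usable CN in its certificate"); ... }` followed by whichever failure path httpsPeeked uses elsewhere (skip the pin, or fail the request) — I cannot see that path from this hunk. Note also that the old bound check on nameLen is dropped along with the inline copy, so any truncation guard now has to live inside Ssl::CommonHostName. ConnStateData::httpsPeeked starts and ends outside this hunk.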
index a6a0eebeb42d7b66ad824e14f445d70ef51b05a9..3ef5ba4d09066fb36b7bff8c106102ab6564e61b 100644 (file)
@@ -1331,4 +1331,21 @@ void Ssl::readCertChainAndPrivateKeyFromFiles(X509_Pointer & cert, EVP_PKEY_Poin
     }
 }
 
+const char *Ssl::CommonHostName(X509 *x509)
+{
+    static char name[256] = ""; // stores common name (CN)
+
+    if (!x509)
+        return NULL;
+
+    // TODO: What if CN is a UTF8String? See X509_NAME_get_index_by_NID(3ssl).
+    const int nameLen = X509_NAME_get_text_by_NID(
+        X509_get_subject_name(x509),
+        NID_commonName,  name, sizeof(name));
+
+    if (nameLen > 0)
+        return name;
+
+    return NULL;
+}
 #endif /* USE_SSL */
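Review bot: `if (nameLen > 0) return name;` cannot tell a CN that fit from one that was cut off: OpenSSL's X509_NAME_get_text_by_NID copies at most `len - 1` bytes, NUL-terminates, and returns the copied length, so nameLen never exceeds 255 and a long CN comes back silently shortened into a different-looking host name (the old `nameLen < sizeof(name)` assert at the call site could never fire for the same reason). Since a host name is at most 253 characters anyway, treating a full buffer as unusable is safe, and the same check should reject a CN with an embedded NUL, which the returned length reveals because it counts the whole attribute while `strlen(name)` stops at the NUL: `if (nameLen <= 0 || nameLen >= static_cast<int>(sizeof(name)) - 1 || strlen(name) != static_cast<size_t>(nameLen)) return NULL;` then `return name;` (strlen needs <cstring> if it is not already included). Returning a pointer into the function-level `static char name[256]` means every call overwrites the previous result and the function is not reentrant; if that is acceptable under Squid's single-threaded model, record it on the buffer, e.g. `// shared result buffer: overwritten by the next call, callers must copy`. The carried-over TODO about UTF8String still stands — the bytes are returned as stored in the attribute, with no charset conversion.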
index d34e1fd231b322c2d94152ff90474f489e0d9495..3bf0f3d79938f87ba895fa530917a5c69d3c89a1 100644 (file)
@@ -167,6 +167,13 @@ int asn1timeToString(ASN1_TIME *tm, char *buf, int len);
    \return true if SNI set false otherwise
 */
 bool setClientSNI(SSL *ssl, const char *fqdn);
+
+/**
+   \ingroup ServerProtocolSSLAPI
+   * Returns CN from the certificate, suitable for use as a host name.
+   * Uses static memory to temporary store the extracted name.
+*/
+const char *CommonHostName(X509 *x509);
 } //namespace Ssl
 
 #if _SQUID_MSWIN_
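Review bot: The new doc comment on CommonHostName does not say what the caller receives when there is no CN, and "Uses static memory to temporary store the extracted name" understates what that means for callers. Suggest replacing the two description lines with `Returns the CN from the certificate, suitable for use as a host name, or NULL if x509 is NULL or has no usable CN.` and `The result points to static storage that is overwritten by the next call; copy it before calling CommonHostName again.` The leading `*` on the two new description lines also differs from the preceding comment's visible lines (`\return true if SNI set false otherwise` has none); keep whichever style the surrounding block uses.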