Permalink
Browse files

if HOST_SPN_ALIAS set, accept RP certs with just a hostname

  • Loading branch information...
lhoward committed Mar 30, 2013
1 parent d819671 commit 46fbf8d4a820644f19f78d497419ef67ce3e6006
Showing with 2 additions and 1 deletion.
  1. +2 −1 libbrowserid/bid_rp.c
View
@@ -199,7 +199,8 @@ BIDVerifyRPResponseToken(
certParams = json_object_get(identity->PrivateAttributes, "anchors");
ulVerifyReqFlags = BID_VERIFY_FLAG_RP;
- if (ulReqFlags & BID_RP_FLAG_HOSTNAME_MATCH_OK)
+ if ((ulReqFlags & BID_RP_FLAG_HOSTNAME_MATCH_OK) ||
+ (context->ContextOptions & BID_CONTEXT_HOST_SPN_ALIAS))
ulVerifyReqFlags |= BID_VERIFY_FLAG_HOSTNAME_MATCH_OK;
err = _BIDVerifyLocal(context, NULL, backedAssertion, NULL, szAudienceName,

0 comments on commit 46fbf8d

Please sign in to comment.