Skip to content

Commit

Permalink
WiFiClientSecure: match CN and SANs ignoring case
Browse files Browse the repository at this point in the history 
Some websites have certificates with uppercase letters in CN. This change
makes _verifyDN function accept such certificates by converting all names
to lower case before comparing them.

Resolves #2978
  • Loading branch information
@igrr
igrr committed May 22, 2017
1 parent a8e8ecb commit f6d232f
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
View file
Expand Up @@ -521,14 +521,18 @@ bool WiFiClientSecure::_verifyDN(const char* domain_name)
const char* san = NULL;
int i = 0;
while ((san = ssl_get_cert_subject_alt_dnsname(*_ssl, i)) != NULL) {
if (matchName(String(san), domain_name_str)) {
String san_str(san);
san_str.toLowerCase();
if (matchName(san_str, domain_name_str)) {
return true;
}
DEBUGV("SAN %d: '%s', no match\r\n", i, san);
++i;
}
const char* common_name = ssl_get_cert_dn(*_ssl, SSL_X509_CERT_COMMON_NAME);
if (common_name && matchName(String(common_name), domain_name_str)) {
String common_name_str(common_name);
common_name_str.toLowerCase();
if (common_name && matchName(common_name_str, domain_name_str)) {
return true;
}
DEBUGV("CN: '%s', no match\r\n", (common_name)?common_name:"(null)");
Expand Down

0 comments on commit f6d232f

Please sign in to comment.