
tls: handle multiple CN fields when verifying cert

Fixes #3861.
bnoordhuis committed Aug 12, 2012
1 parent 4ef808e commit 6b18e88b68a723b3749d7770c043d7f711c89569
Showing with 16 additions and 1 deletion.
  1. +8 −1 lib/tls.js
  2. +8 −0 test/simple/test-tls-check-server-identity.js
@@ -154,7 +154,14 @@ function checkServerIdentity(host, cert) {

// And only after check if hostname matches CN
// (because CN is deprecated, but should be used for compatiblity anyway)
dnsNames.push(regexpify(cert.subject.CN, false));
var commonNames = cert.subject.CN;
if (Array.isArray(commonNames)) {
for (var i = 0, k = commonNames.length; i < k; ++i) {
dnsNames.push(regexpify(commonNames[i], false));
}
} else {
dnsNames.push(regexpify(commonNames, false));
}

valid = dnsNames.some(function(re) {
return re.test(host);
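Review bot: The loop over `commonNames` accepts a match on any CN value, and those patterns go into the same `dnsNames` list that `dnsNames.some(...)` tests, so CN is checked alongside the names collected earlier rather than as a fallback. RFC 2818 section 3.1 says to use only the most specific Common Name, and only when no dNSName subjectAltName is present. If the list built above the hunk holds subjectAltName entries (not visible here), the certificate is accepted for more names than that rule allows. Consider guarding the block with something like `if (dnsNames.length === 0) {`, or at least recording the choice in a comment such as `// Any CN value is accepted; RFC 2818 asks for the most specific one only`. `checkServerIdentity` begins and ends outside the hunk.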
@@ -34,6 +34,14 @@ var tests = [
// No wildcards in CN
{ host: 'b.a.com', cert: { subject: { CN: '*.a.com' } }, result: false },

// Multiple CN fields
{
host: 'foo.com', cert: {
subject: { CN: ['foo.com', 'bar.com'] } // CN=foo.com; CN=bar.com;
},
result: true
},

// DNS names and CN
{
host: 'a.com', cert: {
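Review bot: The added case only matches the first CN value (`'foo.com'`), so an implementation that looked at index 0 alone would still pass it. Add a case that matches the second value, e.g. `{ host: 'bar.com', cert: { subject: { CN: ['foo.com', 'bar.com'] } }, result: true }`. Also add a negative case such as `{ host: 'baz.com', cert: { subject: { CN: ['foo.com', 'bar.com'] } }, result: false }`, so that a multi-valued CN cannot be accepted for an unrelated host without the test failing. The `tests` array starts and ends outside the hunk.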
