

Pass Cert directly to name verification functions
djc committed Dec 23, 2024
1 parent 5581187 commit 4143e95
Showing 3 changed files with 9 additions and 21 deletions.
12 changes: 3 additions & 9 deletions src/end_entity.rs
Expand Up @@ -20,7 +20,7 @@ use pki_types::{

use crate::crl::RevocationOptions;
use crate::error::Error;
use crate::subject_name::{verify_dns_names, verify_ip_address_names, NameIterator};
use crate::subject_name::{verify_dns_names, verify_ip_address_names};
use crate::verify_cert::{self, KeyUsage, VerifiedPath};
use crate::{cert, signed_data};

Expand Down Expand Up @@ -125,16 +125,10 @@ impl EndEntityCert<'_> {
server_name: &ServerName<'_>,
) -> Result<(), Error> {
match server_name {
ServerName::DnsName(dns_name) => verify_dns_names(
dns_name,
NameIterator::new(Some(self.inner.subject), self.inner.subject_alt_name),
),
ServerName::DnsName(dns_name) => verify_dns_names(dns_name, &self.inner),
// IP addresses are not compared against the subject field;
// only against Subject Alternative Names.
ServerName::IpAddress(ip_address) => verify_ip_address_names(
ip_address,
NameIterator::new(None, self.inner.subject_alt_name),
),
ServerName::IpAddress(ip_address) => verify_ip_address_names(ip_address, &self.inner),
_ => Err(Error::UnsupportedNameType),
}
}
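Review bot: The comment `// IP addresses are not compared against the subject field; only against Subject Alternative Names.` now describes a decision this match arm no longer makes: the call passes the whole `&self.inner`, and whether the subject is consulted is fixed inside `verify_ip_address_names` (and, for the DNS arm, inside `verify_dns_names`). A reader of this arm can no longer confirm the claim from the call itself, so the comment should move next to the `NameIterator::new(None, ...)` construction in `src/subject_name/ip_address.rs`, or be reworded here to `// Which certificate fields are consulted (SAN only for IP addresses) is decided inside the helper.` The enclosing method's signature starts above the hunk.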
9 changes: 3 additions & 6 deletions src/subject_name/dns_name.rs
Expand Up @@ -17,14 +17,11 @@ use core::fmt::Write;
use pki_types::{DnsName, InvalidDnsNameError};

use super::verify::{GeneralName, NameIterator};
use crate::Error;
use crate::{Cert, Error};

pub(crate) fn verify_dns_names(
reference: &DnsName<'_>,
mut names: NameIterator<'_>,
) -> Result<(), Error> {
pub(crate) fn verify_dns_names(reference: &DnsName<'_>, cert: &Cert<'_>) -> Result<(), Error> {
let dns_name = untrusted::Input::from(reference.as_ref().as_bytes());
names
NameIterator::new(Some(cert.subject), cert.subject_alt_name)
.find_map(|result| {
let name = match result {
Ok(name) => name,
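Review bot: `verify_dns_names` gains a `&Cert<'_>` parameter but still has no doc comment, and the choice to feed `Some(cert.subject)` into the iterator at `NameIterator::new(Some(cert.subject), cert.subject_alt_name)` is now hard-coded in the helper rather than chosen by the caller. Since this match is the hostname-verification boundary, a `///` comment stating what `reference` is compared against and which certificate fields are consulted would help; what passing the subject actually contributes depends on `NameIterator`, which is not in this diff, so word that part as "see `NameIterator`" rather than asserting a CN fallback. The old signature accepted any `NameIterator`, so any caller or test that supplied a synthetic name list now needs a real `Cert`; worth checking that nothing relied on that. The function body continues past the hunk.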
9 changes: 3 additions & 6 deletions src/subject_name/ip_address.rs
Expand Up @@ -15,18 +15,15 @@
use pki_types::IpAddr;

use super::verify::{GeneralName, NameIterator};
use crate::Error;
use crate::{Cert, Error};

pub(crate) fn verify_ip_address_names(
reference: &IpAddr,
mut names: NameIterator<'_>,
) -> Result<(), Error> {
pub(crate) fn verify_ip_address_names(reference: &IpAddr, cert: &Cert<'_>) -> Result<(), Error> {
let ip_address = match reference {
IpAddr::V4(ip) => untrusted::Input::from(ip.as_ref()),
IpAddr::V6(ip) => untrusted::Input::from(ip.as_ref()),
};

names
NameIterator::new(None, cert.subject_alt_name)
.find_map(|result| {
let name = match result {
Ok(name) => name,
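Review bot: The `None` passed as the subject at `NameIterator::new(None, cert.subject_alt_name)` is the security-relevant choice in this function and is now undocumented at the point where it is made; the explanatory comment stayed with the caller in `src/end_entity.rs`. Put it here so the helper is self-describing for any future caller, e.g. `// IP addresses are matched against Subject Alternative Names only, never the subject field.` directly above that line. The function body continues below the hunk.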

