1// 2// ssl/impl/host_name_verification.ipp 3// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4// 5// Copyright (c) 2003-2021 Christopher M. Kohlhoff (chris at kohlhoff dot com) 6// 7// Distributed under the Boost Software License, Version 1.0. (See accompanying 8// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) 9// 10 11#ifndef BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP 12#define BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP 13 14#if defined(_MSC_VER) && (_MSC_VER >= 1200) 15# pragma once 16#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) 17 18#include <boost/asio/detail/config.hpp> 19 20#include <cctype> 21#include <cstring> 22#include <boost/asio/ip/address.hpp> 23#include <boost/asio/ssl/host_name_verification.hpp> 24#include <boost/asio/ssl/detail/openssl_types.hpp> 25 26#include <boost/asio/detail/push_options.hpp> 27 28namespace boost { 29namespace asio { 30namespace ssl { 31 32bool host_name_verification::operator()( 33 bool preverified, verify_context& ctx) const 34{ 35 using namespace std; // For memcmp. 36 37 // Don't bother looking at certificates that have failed pre-verification. 38 if (!preverified) 39 return false; 40 41 // We're only interested in checking the certificate at the end of the chain. 42 int depth = X509_STORE_CTX_get_error_depth(ctx.native_handle()); 43 if (depth > 0) 44 return true; 45 46 // Try converting the host name to an address. If it is an address then we 47 // need to look for an IP address in the certificate rather than a host name. 48 boost::system::error_code ec; 49 ip::address address = ip::make_address(host_, ec); 50 const bool is_address = !ec; 51 (void)address; 52 53 X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle()); 54 55 if (is_address) 56 { 57 return X509_check_ip_asc(cert, host_.c_str(), 0) == 1; 58 } 59 else 60 { 61 char* peername = 0; 62 const int result = X509_check_host(cert, 63 host_.c_str(), host_.size(), 0, &peername); 64 OPENSSL_free(peername); 65 return result == 1; 66 } 67} 68 69} // namespace ssl 70} // namespace asio 71} // namespace boost 72 73#include <boost/asio/detail/pop_options.hpp> 74 75#endif // BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP 76