Module: OpenSSL::SSL

Defined in:
lib/extensions/net-http/net/http.rb,
lib/extensions/net-http/net/https.rb,
lib/framework/autocomplete/OpenSSL.rb,
lib/extensions/openssl/openssl/ssl-internal.rb

Defined Under Namespace

Modules: Nonblock, SocketForwarder Classes: SSLContext, SSLServer, SSLSocket

Constant Summary collapse

VERIFY_NONE =
0

Class Method Summary collapse

Class Method Details

.verify_certificate_identity(cert, hostname) ⇒ Object



90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# File 'lib/extensions/openssl/openssl/ssl-internal.rb', line 90

def verify_certificate_identity(cert, hostname)
  should_verify_common_name = true
  cert.extensions.each{|ext|
    next if ext.oid != "subjectAltName"
    ext.value.split(/,\s+/).each{|general_name|
      if /\ADNS:(.*)/ =~ general_name
        should_verify_common_name = false
        reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
        return true if /\A#{reg}\z/i =~ hostname
      elsif /\AIP Address:(.*)/ =~ general_name
        should_verify_common_name = false
        return true if $1 == hostname
      end
    }
  }
  if should_verify_common_name
    cert.subject.to_a.each{|oid, value|
      if oid == "CN"
        reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
        return true if /\A#{reg}\z/i =~ hostname
      end
    }
  end
  return false
end