30 const char *h =
static_cast<const char *
>(a);
31 const char *d =
static_cast<const char *
>(b);
32 debugs(28, 7,
"Match:" << h <<
" <> " << d);
42 debugs(28, 3,
"checking '" << host <<
"'");
44 char *h =
const_cast<char *
>(host);
47 debugs(28, 3,
"'" << host <<
"' " << (result ?
"found" :
"NOT found"));
49 return (result !=
nullptr);
56 template<
class MatchType>
63 if (cn_data->length > (
int)
sizeof(cn) - 1)
66 char *s =
reinterpret_cast<char *
>(cn_data->data);
68 for (
int i = 0; i < cn_data->length; ++i, ++d, ++s) {
73 cn[cn_data->length] =
'\0';
74 debugs(28, 4,
"Verifying certificate name/subjectAltName " << cn);
83 assert(checklist !=
nullptr && checklist->
request !=
nullptr);
85 const char *serverName =
nullptr;
88 const char *clientRequestedServerName =
nullptr;
89 clientSniKeeper =
conn->tlsClientSni();
90 if (clientSniKeeper.
isEmpty()) {
93 clientRequestedServerName = host;
95 clientRequestedServerName = clientSniKeeper.
c_str();
98 X509 *peer_cert =
conn->serverBump() ?
conn->serverBump()->serverCert.get() :
nullptr;
102 serverName = clientRequestedServerName;
104 serverName = clientRequestedServerName;
106 if (X509 *peer_cert = (
conn->serverBump() ?
conn->serverBump()->serverCert.get() :
nullptr))
109 serverName = clientRequestedServerName;
116 return data->
match(serverName);
125 static const Acl::Options MyOptions = { &ClientRequested, &ServerProvided, &Consensus };
144 if (optionCount > 1) {
int check_cert_domain(void *check_data, ASN1_STRING *cn_data)
static int aclHostDomainCompare(char *const &a, char *const &b)
int conn
the current server connection FD
int matchDomainName(const char *h, const char *d, MatchDomainNameFlags flags)
Splay< char * > * domains
ConnStateData * conn() const
The client connection manager.
virtual bool match(const char *)
Acl::BooleanOptionValue useConsensus
Ignore mismatching names.
Acl::BooleanOptionValue useClientRequested
Ignore server-supplied names.
Acl::BooleanOptionValue useServerProvided
Ignore client-supplied names.
virtual int match(ACLData< MatchType > *&, ACLFilledChecklist *)
virtual const Acl::Options & options()
virtual bool valid() const
a type-specific Option (e.g., a boolean --toggle or -m=SBuf)
void linkWith(Recipient *recipient) const
who to tell when this option is enabled
void host(const char *src)
AnyP::Uri url
the request URI
Value const * find(FindValue const &, int(*compare)(FindValue const &a, Value const &b)) const
#define debugs(SECTION, LEVEL, CONTENT)
bool checkX509ServerValidity(X509 *cert, const char *server)
int matchX509CommonNames(X509 *peer_cert, void *check_data, int(*check_func)(void *check_data, ASN1_STRING *cn_data))
std::vector< const Option * > Options