Ssl: Add support for IP-address in alternate subject name

While it's not common it still occurs, perhaps especially with 127.0.0.1 Can be tested by attempting to connect to https://1.1.1.1/ using Qt. Change-Id: Idad56476597ab570b8347236ff700fa66ab5b1f4 Fixes: QTBUG-71828 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
author: Mårten Nordheim <marten.nordheim@qt.io> 2019-01-07 18:01:36 +0100
committer: Mårten Nordheim <marten.nordheim@qt.io> 2019-01-24 15:24:14 +0000
commit: 58c9c4b60991d2665aef29c5981591391524e108 (patch)
tree: 535365550cf5e202c460e4edbef006ce86ccaaa2 /src/network/ssl/qsslcertificate_qt.cpp
parent: 589a01ff6b1eacf81e74a5fc4801572135214f43 (diff)
1 files changed, 26 insertions, 2 deletions
diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp
index 2bd5b3b412..cce59b5ef3 100644
--- a/src/network/ssl/qsslcertificate_qt.cpp
+++ b/src/network/ssl/qsslcertificate_qt.cpp
@@ -50,6 +50,8 @@
 #include "qasn1element_p.h"
 
 #include <QtCore/qdatastream.h>
+#include <QtCore/qendian.h>
+#include <QtNetwork/qhostaddress.h>
 
 QT_BEGIN_NAMESPACE
 
@@ -403,10 +405,32 @@ bool QSslCertificatePrivate::parse(const QByteArray &data)
                             QDataStream nameStream(sanElem.value());
                             QAsn1Element nameElem;
                             while (nameElem.read(nameStream)) {
-                                if (nameElem.type() == QAsn1Element::Rfc822NameType) {
+                                switch (nameElem.type()) {
+                                case QAsn1Element::Rfc822NameType:
                                     subjectAlternativeNames.insert(QSsl::EmailEntry, nameElem.toString());
-                                } else if (nameElem.type() == QAsn1Element::DnsNameType) {
+                                    break;
+                                case QAsn1Element::DnsNameType:
                                     subjectAlternativeNames.insert(QSsl::DnsEntry, nameElem.toString());
+                                    break;
+                                case QAsn1Element::IpAddressType: {
+                                    QHostAddress ipAddress;
+                                    QByteArray ipAddrValue = nameElem.value();
+                                    switch (ipAddrValue.length()) {
+                                    case 4: // IPv4
+                                        ipAddress = QHostAddress(qFromBigEndian(*reinterpret_cast<quint32 *>(ipAddrValue.data())));
+                                        break;
+                                    case 16: // IPv6
+                                        ipAddress = QHostAddress(reinterpret_cast<quint8 *>(ipAddrValue.data()));
+                                        break;
+                                    default: // Unknown IP address format
+                                        break;
+                                    }
+                                    if (!ipAddress.isNull())
+                                        subjectAlternativeNames.insert(QSsl::IpAddressEntry, ipAddress.toString());
+                                    break;
+                                }
+                                default:
+                                    break;
                                 }
                             }
                         }
author	Mårten Nordheim <marten.nordheim@qt.io>	2019-01-07 18:01:36 +0100
committer	Mårten Nordheim <marten.nordheim@qt.io>	2019-01-24 15:24:14 +0000
commit	58c9c4b60991d2665aef29c5981591391524e108 (patch)
tree	535365550cf5e202c460e4edbef006ce86ccaaa2 /src/network/ssl/qsslcertificate_qt.cpp
parent	589a01ff6b1eacf81e74a5fc4801572135214f43 (diff)