diff options
author | Mårten Nordheim <marten.nordheim@qt.io> | 2019-01-07 18:01:36 +0100 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2019-01-24 15:24:14 +0000 |
commit | 58c9c4b60991d2665aef29c5981591391524e108 (patch) | |
tree | 535365550cf5e202c460e4edbef006ce86ccaaa2 /src/network/ssl/qsslsocket.cpp | |
parent | 589a01ff6b1eacf81e74a5fc4801572135214f43 (diff) |
Ssl: Add support for IP-address in alternate subject name
While it's not common it still occurs, perhaps especially with 127.0.0.1
Can be tested by attempting to connect to https://1.1.1.1/ using Qt.
Change-Id: Idad56476597ab570b8347236ff700fa66ab5b1f4
Fixes: QTBUG-71828
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/network/ssl/qsslsocket.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 8d3ca092ff..68de9dedaa 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -2882,6 +2882,19 @@ QSharedPointer<QSslContext> QSslSocketPrivate::sslContext(QSslSocket *socket) bool QSslSocketPrivate::isMatchingHostname(const QSslCertificate &cert, const QString &peerName) { + QHostAddress hostAddress(peerName); + if (!hostAddress.isNull()) { + const auto subjectAlternativeNames = cert.subjectAlternativeNames(); + const auto ipAddresses = subjectAlternativeNames.equal_range(QSsl::AlternativeNameEntryType::IpAddressEntry); + + for (auto it = ipAddresses.first; it != ipAddresses.second; it++) { + if (QHostAddress(*it).isEqual(hostAddress, QHostAddress::StrictConversion)) + return true; + } + + return false; + } + const QString lowerPeerName = QString::fromLatin1(QUrl::toAce(peerName)); const QStringList commonNames = cert.subjectInfo(QSslCertificate::CommonName); |