summaryrefslogtreecommitdiffstats
path: root/src/network/ssl/qsslsocket.cpp
diff options
context:
space:
mode:
authorMårten Nordheim <marten.nordheim@qt.io>2019-01-07 18:01:36 +0100
committerMårten Nordheim <marten.nordheim@qt.io>2019-01-24 15:24:14 +0000
commit58c9c4b60991d2665aef29c5981591391524e108 (patch)
tree535365550cf5e202c460e4edbef006ce86ccaaa2 /src/network/ssl/qsslsocket.cpp
parent589a01ff6b1eacf81e74a5fc4801572135214f43 (diff)
Ssl: Add support for IP-address in alternate subject name
While it's not common it still occurs, perhaps especially with 127.0.0.1 Can be tested by attempting to connect to https://1.1.1.1/ using Qt. Change-Id: Idad56476597ab570b8347236ff700fa66ab5b1f4 Fixes: QTBUG-71828 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/network/ssl/qsslsocket.cpp')
-rw-r--r--src/network/ssl/qsslsocket.cpp13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 8d3ca092ff..68de9dedaa 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -2882,6 +2882,19 @@ QSharedPointer<QSslContext> QSslSocketPrivate::sslContext(QSslSocket *socket)
bool QSslSocketPrivate::isMatchingHostname(const QSslCertificate &cert, const QString &peerName)
{
+ QHostAddress hostAddress(peerName);
+ if (!hostAddress.isNull()) {
+ const auto subjectAlternativeNames = cert.subjectAlternativeNames();
+ const auto ipAddresses = subjectAlternativeNames.equal_range(QSsl::AlternativeNameEntryType::IpAddressEntry);
+
+ for (auto it = ipAddresses.first; it != ipAddresses.second; it++) {
+ if (QHostAddress(*it).isEqual(hostAddress, QHostAddress::StrictConversion))
+ return true;
+ }
+
+ return false;
+ }
+
const QString lowerPeerName = QString::fromLatin1(QUrl::toAce(peerName));
const QStringList commonNames = cert.subjectInfo(QSslCertificate::CommonName);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-08 03:25:40 +0000