SSL: Several SSL-backend related fixes

axTLS:

This will make the axTLS backend perform the RFC2818 checks, honoring
the VERIFYHOST setting similar to the OpenSSL backend.

Generic for OpenSSL and axTLS:

Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c
files to make them genericly available for both the OpenSSL, axTLS and
other SSL backends. They are now in the new lib/hostcheck.c file.

CyaSSL:

CyaSSL now also has the RFC2818 checks enabled by default. There is a
limitation that the verifyhost can not be enabled exclusively on the
Subject CN field comparison. This SSL backend will thus behave like the
NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words:
setting verifyhost to 0 or 1 will disable the Subject Alt Names checks
too.

Schannel:

Updated the schannel information messages: Split the IP address usage
message from the verifyhost setting and changed the message about
disabling SNI (Server Name Indication, used in HTTP virtual hosting)
into a message stating that the Subject Alternative Names checks are
being disabled when verifyhost is set to 0 or 1. As a side effect of
switching off the RFC2818 related servername checks with
SCH_CRED_NO_SERVERNAME_CHECK
(http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature
is being disabled. This effect is not documented in MSDN, but Wireshark
output clearly shows the effect (details on the libcurl maillist).

PolarSSL:

Fix the prototype change in PolarSSL of ssl_set_session() and the move
of the peer_cert from the ssl_context to the ssl_session. Found this
change in the PolarSSL SVN between r1316 and r1317 where the
POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu
PolarSSL version 1.1.4 the check is to discriminate between lower then
PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN
trunk jumped from version 1.1.1 to 1.2.0.

Generic:

All the SSL backends are fixed and checked to work with the
ssl.verifyhost as a boolean, which is an internal API change.

1 files changed, 59 insertions, 7 deletions

diff --git a/lib/axtls.c b/lib/axtls.c
index e37aed50a..ea94c6cf9 100644
--- a/lib/axtls.c
+++ b/lib/axtls.c
@@ -47,6 +47,8 @@
 #include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
+#include "hostcheck.h"
+
 
 /* SSL_read is opied from axTLS compat layer */
 static int SSL_read(SSL *ssl, void *buf, int num)
@@ -150,7 +152,11 @@ Curl_axtls_connect(struct connectdata *conn,
   int i, ssl_fcn_return;
   const uint8_t *ssl_sessionid;
   size_t ssl_idsize;
-  const char *x509;
+  const char *peer_CN;
+  uint32_t dns_altname_index;
+  const char *dns_altname;
+  int8_t found_subject_alt_names = 0;
+  int8_t found_subject_alt_name_matching_conn = 0;
 
   /* Assuming users will not compile in custom key/cert to axTLS */
   uint32_t client_option = SSL_NO_DEFAULT_KEY|SSL_SERVER_VERIFY_LATER;
@@ -296,19 +302,65 @@ Curl_axtls_connect(struct connectdata *conn,
   /* Here, gtls.c does issuer verification. axTLS has no straightforward
    * equivalent, so omitting for now.*/
 
-  /* See if common name was set in server certificate */
-  x509 = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);
-  if(x509 == NULL)
-    infof(data, "error fetching CN from cert\n");
-
   /* Here, gtls.c does the following
    * 1) x509 hostname checking per RFC2818.  axTLS doesn't support this, but
-   *    it seems useful.  Omitting for now.
+   *    it seems useful. This is now implemented, by Oscar Koeroo
    * 2) checks cert validity based on time.  axTLS does this in ssl_verify_cert
    * 3) displays a bunch of cert information.  axTLS doesn't support most of
    *    this, but a couple fields are available.
    */
 
+
+  /* There is no (DNS) Altnames count in the version 1.4.8 API. There is a
+     risk of an inifite loop */
+  for(dns_altname_index = 0; ; dns_altname_index++) {
+    dns_altname = ssl_get_cert_subject_alt_dnsname(ssl, dns_altname_index);
+    if(dns_altname == NULL) {
+      break;
+    }
+    found_subject_alt_names = 1;
+
+    infof(data, "\tComparing subject alt name DNS with hostname: %s <-> %s\n",
+          dns_altname, conn->host.name);
+    if(Curl_cert_hostcheck(dns_altname, conn->host.name)) {
+      found_subject_alt_name_matching_conn = 1;
+      break;
+    }
+  }
+
+  /* RFC2818 checks */
+  if(found_subject_alt_names && !found_subject_alt_name_matching_conn) {
+    /* Break connection ! */
+    Curl_axtls_close(conn, sockindex);
+    failf(data, "\tsubjectAltName(s) do not match %s\n", conn->host.dispname);
+    return CURLE_PEER_FAILED_VERIFICATION;
+  }
+  else if(found_subject_alt_names == 0) {
+    /* Per RFC2818, when no Subject Alt Names were available, examine the peer
+       CN as a legacy fallback */
+    peer_CN = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);
+    if(peer_CN == NULL) {
+      /* Similar behaviour to the OpenSSL interface */
+      Curl_axtls_close(conn, sockindex);
+      failf(data, "unable to obtain common name from peer certificate");
+      return CURLE_PEER_FAILED_VERIFICATION;
+    }
+    else {
+      if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
+        if(data->set.ssl.verifyhost) {
+          /* Break connection ! */
+          Curl_axtls_close(conn, sockindex);
+          failf(data, "\tcommon name \"%s\" does not match \"%s\"\n",
+                peer_CN, conn->host.dispname);
+          return CURLE_PEER_FAILED_VERIFICATION;
+        }
+        else
+          infof(data, "\tcommon name \"%s\" does not match \"%s\"\n",
+                peer_CN, conn->host.dispname);
+      }
+    }
+  }
+
   /* General housekeeping */
   conn->ssl[sockindex].state = ssl_connection_complete;
   conn->ssl[sockindex].ssl = ssl;