authorErlang/OTP <[email protected]>2017-11-22 12:23:41 +0100
committerErlang/OTP <[email protected]>2017-11-22 12:23:41 +0100
commit7e0312e7b671db630cdad4c722a8608dc5749650 (patch)
tree375a5d3e895351307d9badabcf4abfba55e4631c /lib/public_key/src
parentd366d0f191a5ae53e2de3214fa5759afee4146dc (diff)
parent28e032d29013203bd32917ee495cc202f0bb6b4e (diff)
Merge branch 'hans/public_key/verify_hostname_ip_address_maint20/OTP-14653' into maint-20
* hans/public_key/verify_hostname_ip_address_maint20/OTP-14653: public_key: verify ip (both v4 and v6) public_key: Added IP4 address checks to hostname_verification tests
Diffstat (limited to 'lib/public_key/src')
-rw-r--r--lib/public_key/src/public_key.erl37
1 files changed, 34 insertions, 3 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index c1ad72b585..31cb1fff3c 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -1454,13 +1454,43 @@ verify_hostname_match_default0({dns_id,R}, {dNSName,P}) ->
R==P;
verify_hostname_match_default0({uri_id,R}, {uniformResourceIdentifier,P}) ->
R==P;
-verify_hostname_match_default0({srv_id,R}, {T,P}) when T == srvName ;
- T == ?srvName_OID ->
+verify_hostname_match_default0({ip,R}, {iPAddress,P}) when length(P) == 4 ->
+ %% IPv4
+ try
+ list_to_tuple(P)
+ == if is_tuple(R), size(R)==4 -> R;
+ is_list(R) -> ok(inet:parse_ipv4strict_address(R))
+ end
+ catch
+ _:_ ->
+ false
+ end;
+
+verify_hostname_match_default0({ip,R}, {iPAddress,P}) when length(P) == 16 ->
+ %% IPv6. The length 16 is due to the certificate specification.
+ try
+ l16_to_tup(P)
+ == if is_tuple(R), size(R)==8 -> R;
+ is_list(R) -> ok(inet:parse_ipv6strict_address(R))
+ end
+ catch
+ _:_ ->
+ false
+ end;
+verify_hostname_match_default0({srv_id,R}, {srvName,P}) ->
+ R==P;
+verify_hostname_match_default0({srv_id,R}, {?srvName_OID,P}) ->
R==P;
verify_hostname_match_default0(_, _) ->
false.
+ok({ok,X}) -> X.
+l16_to_tup(L) -> list_to_tuple(l16_to_tup(L, [])).
+%%
+l16_to_tup([A,B|T], Acc) -> l16_to_tup(T, [(A bsl 8) bor B | Acc]);
+l16_to_tup([], Acc) -> lists:reverse(Acc).
+
match_wild(A, [$*|B]) -> match_wild_suffixes(A, B);
match_wild([C|A], [ C|B]) -> match_wild(A, B);
match_wild([], []) -> true;
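Review bot: Both new `{ip,R}` clauses compare with `==` and rely on a blanket `catch _:_ -> false` for every failure path, and neither choice is explained in the code. Failing closed is the right outcome for a certificate check, but the catch also covers the two expected cases: `ok/1` raising `function_clause` when the strict parser rejects the string, and the `if` having no branch for a reference that is neither a tuple of the right size nor a list. A comment above each `catch` such as `%% Unparsable or unsupported reference address: treat as no match (fail closed)` would make that intent explicit. Because `==` is arithmetic equality, a caller-supplied tuple holding floats would compare equal to the integer tuple built from the certificate bytes; `=:=` avoids that. `verify_hostname_match_default0` begins above this hunk, so its earlier clauses are not visible here.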
@@ -1505,7 +1535,8 @@ to_lower_ascii(C) when $A =< C,C =< $Z -> C + ($a-$A);
to_lower_ascii(C) -> C.
to_string(S) when is_list(S) -> S;
-to_string(B) when is_binary(B) -> binary_to_list(B).
+to_string(B) when is_binary(B) -> binary_to_list(B);
+to_string(X) -> X.
format_details([]) ->
no_relevant_crls;
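Review bot: The added catch-all `to_string(X) -> X.` lets any term through, not only the address tuples this commit appears to target. A reference value that is, for example, an atom or an integer would previously have failed here with `function_clause` and will now be passed on to the matching code unchanged; the call sites are outside this hunk, so how that surfaces cannot be seen from here. If tuples are the only new case, `to_string(T) when is_tuple(T) -> T.` keeps the old rejection for everything else. The `to_string` clauses shown are complete, but `format_details` continues past the end of the hunk.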