QSslSocket: Fix isMatchingHostname when the CN is an IP Address
Change-Id: Id083c1434fcb3a64af40e6f8df720719c1029ca7 Fixes: QTBUG-73289 Reviewed-by: Liang Qi <liang.qi@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit is contained in:
Mårten Nordheim
Liang Qi
parent
6a7e2fedef
commit
d8d60696da
@ -2891,8 +2891,6 @@ bool QSslSocketPrivate::isMatchingHostname(const QSslCertificate &cert, const QS
|
|||||||
if (QHostAddress(*it).isEqual(hostAddress, QHostAddress::StrictConversion))
|
if (QHostAddress(*it).isEqual(hostAddress, QHostAddress::StrictConversion))
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const QString lowerPeerName = QString::fromLatin1(QUrl::toAce(peerName));
|
const QString lowerPeerName = QString::fromLatin1(QUrl::toAce(peerName));
|
||||||
|
|||||||
19
tests/auto/network/ssl/qsslsocket/certs/127-0-0-1-as-CN.crt
Normal file
19
tests/auto/network/ssl/qsslsocket/certs/127-0-0-1-as-CN.crt
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIC/jCCAeagAwIBAgIJALBykhTMGxyEMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
|
||||||
|
BAMMCTEyNy4wLjAuMTAeFw0xOTAxMjUyMjU5NDFaFw0xOTAyMjQyMjU5NDFaMBQx
|
||||||
|
EjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
||||||
|
ggEBALMEo10Xd6e5ot4Rg99VejDV/WNdAhY6+2Ilzuc+1XdzDpEQCuqWY2hAGX9m
|
||||||
|
QXyFSR+UcpJWoUFUtJLsArXgRnxT+seHuemrLZGZOkDStUhKNpxfwOmhIT+sLocw
|
||||||
|
qXCwNf9oG4//3evGwGqJhLDpGUhTNVCAMaalb1yrcXskYEkWdelzCTMzoirVvbS2
|
||||||
|
6PH3kE+WPaBehMFruLtp+v7btnVIA305DwFy4CLq+HHFq59BbxRWxhRSkfXM8w+d
|
||||||
|
g05P3VNpEb8Apn4rQ+n/xRz7oZs0Aou4GZG5JAgiLOibbVBK+xnD/UW/txeFWfRZ
|
||||||
|
1dzIi4yAKkdwIhPAg+pP1G6tgZMCAwEAAaNTMFEwHQYDVR0OBBYEFNGZZgb9dbVY
|
||||||
|
FKkkoQp/oAQ2/B51MB8GA1UdIwQYMBaAFNGZZgb9dbVYFKkkoQp/oAQ2/B51MA8G
|
||||||
|
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFvHy0RE96TDw6Q2pfCY
|
||||||
|
aMz/X8dMAEMz5XqC7ImcztVg6VTRHpiw+QFQGqCLwNNuwkD9/pZ3IgVzSbRQw3oW
|
||||||
|
HO7wD30NFl17LQMONBdcmR9FO5ruBh8G0Q1tmeKNtuwjzF3LAkj/J3tAn6eVmHi5
|
||||||
|
75WEK/vQgy9XElN6EC6TgC/4B5/DPdZuEMdL7AP8ADLq9UVf8JC9c4QjU9G1Ce2R
|
||||||
|
PzNwkhkLvtLlcxFcXciuc+oGhLENoJ2ZYHctT/ReOuBoRWEwIB1AeCWxitxjBZ6t
|
||||||
|
lmZ+UewuzJ7y1X5maQZr7w3o8f6DwqwYrmMd45tS6jkHHAJlaCs/yCfVnLBwZ1l4
|
||||||
|
NeM=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
@ -1722,6 +1722,14 @@ void tst_QSslSocket::isMatchingHostname()
|
|||||||
cert = certs.first();
|
cert = certs.first();
|
||||||
QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("192.5.8.16")), true);
|
QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("192.5.8.16")), true);
|
||||||
QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("fe80::3c29:2fa1:dd44:765")), true);
|
QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("fe80::3c29:2fa1:dd44:765")), true);
|
||||||
|
|
||||||
|
/* openssl req -x509 -nodes -new -newkey rsa -keyout /dev/null -out 127-0-0-1-as-CN.crt \
|
||||||
|
-subj "/CN=127.0.0.1"
|
||||||
|
*/
|
||||||
|
certs = QSslCertificate::fromPath(testDataDir + "certs/127-0-0-1-as-CN.crt");
|
||||||
|
QVERIFY(!certs.isEmpty());
|
||||||
|
cert = certs.first();
|
||||||
|
QCOMPARE(QSslSocketPrivate::isMatchingHostname(cert, QString::fromUtf8("127.0.0.1")), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
void tst_QSslSocket::wildcard()
|
void tst_QSslSocket::wildcard()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user