diff options
| author | jake <jake@jakes-mail.top> | 2022-01-31 02:12:57 -0500 |
|---|---|---|
| committer | jake <jake@jakes-mail.top> | 2022-01-31 02:12:57 -0500 |
| commit | d62344f6747f224f2019f15a034a609d15e14293 (patch) | |
| tree | d8d266c4767e4d9ba99ed0cb2206290452d71760 | |
| parent | 33166c7995959d8d809424ac02772bc7a56696d2 (diff) | |
verifying hostname is already a module function :^)
| -rwxr-xr-x | gmi.pl | 31 |
1 files changed, 10 insertions, 21 deletions
@@ -10,7 +10,7 @@ use warnings; use feature qw(refaliasing); no warnings qw(experimental::refaliasing); -our $VERSION = 'v0.0.30'; +our $VERSION = 'v0.0.31'; # TODO: # back() only works once; should fix this @@ -298,47 +298,36 @@ sub url { } sub peer_cert { - ### peer_cert + # ## peer_cert # 1. compare figureprint if possible # 2. is it expired? # 3. if error: ask user for imput my ($cl, $hostname) = @_; - ### before CERT_asHash + # ## before CERT_asHash my @peer_certs = $cl->peer_certificates; #print $OUT Dumper(\@peer_certs); # # if the server sends us more than ONE cert then I am baffled as to why but it happens my $peer_cert = CERT_asHash($peer_certs[0]); - ### IO Socket SSL Utils already has done fingerprinting so we do not need to. + # ## IO Socket SSL Utils already has done fingerprinting so we do not need to. my $peer_fingerprint = $peer_cert->{fingerprint_sha256}; my $peer_not_before = $peer_cert->{not_before}; my $peer_not_after = $peer_cert->{not_after}; my $peer_commonName = $peer_cert->{subject}->{commonName}; my $peer_subjectAltNames = $peer_cert->{subjectAltNames}; + my $verify_hostname = $cl->verify_hostname($hostname); ### $peer_cert ### $peer_fingerprint ### $peer_not_before ### $peer_not_after ### $peer_commonName ### $peer_subjectAltNames + ### $verify_hostname - if ($hostname ne $peer_commonName) { - ### hostname is not commonName - my $counter = 0; - my $subjectAltName = 0; - for (@$peer_subjectAltNames) { - if ($peer_subjectAltNames->[$counter][0] eq 'DNS') { - if (lc $peer_subjectAltNames->[$counter][1] eq lc $hostname) { - ### Good subjectAltName - $subjectAltName = 1; - } - } - $counter++; - } - if (! $subjectAltName) { - print $OUT "The server offers a cert that doesn't match their domain name.\n"; - return 0; - } + + if (! $verify_hostname) { + print $OUT "The server offers a cert that doesn't match their domain name.\n"; + return 0; } # compare figureprint... |