From d62344f6747f224f2019f15a034a609d15e14293 Mon Sep 17 00:00:00 2001
From: jake
Date: Mon, 31 Jan 2022 02:12:57 -0500
Subject: verifying hostname is already a module function :^)

---
 gmi.pl | 31 ++++++++++---------------------
 1 file changed, 10 insertions(+), 21 deletions(-)
(limited to 'gmi.pl')

diff --git a/gmi.pl b/gmi.pl
index 194ac6b..270fa3d 100755
--- a/gmi.pl
+++ b/gmi.pl
@@ -10,7 +10,7 @@ use warnings;
 use feature qw(refaliasing);
 no warnings qw(experimental::refaliasing);
 
-our $VERSION = 'v0.0.30';
+our $VERSION = 'v0.0.31';
 
 # TODO:
 # back() only works once; should fix this
@@ -298,47 +298,36 @@ sub url {
 }
 
 sub peer_cert {
- ### peer_cert
+ # ## peer_cert
 # 1. compare figureprint if possible
 # 2. is it expired?
 # 3. if error: ask user for imput
 my ($cl, $hostname) = @_;
- ### before CERT_asHash
+ # ## before CERT_asHash
 my @peer_certs = $cl->peer_certificates;
 #print $OUT Dumper(\@peer_certs);
 #
 # if the server sends us more than ONE cert then I am baffled as to why but it happens
 my $peer_cert = CERT_asHash($peer_certs[0]);
- ### IO Socket SSL Utils already has done fingerprinting so we do not need to.
+ # ## IO Socket SSL Utils already has done fingerprinting so we do not need to.
 my $peer_fingerprint = $peer_cert->{fingerprint_sha256};
 my $peer_not_before = $peer_cert->{not_before};
 my $peer_not_after = $peer_cert->{not_after};
 my $peer_commonName = $peer_cert->{subject}->{commonName};
 my $peer_subjectAltNames = $peer_cert->{subjectAltNames};
+ my $verify_hostname = $cl->verify_hostname($hostname);
 ### $peer_cert
 ### $peer_fingerprint
 ### $peer_not_before
 ### $peer_not_after
 ### $peer_commonName
 ### $peer_subjectAltNames
+ ### $verify_hostname
 
- if ($hostname ne $peer_commonName) {
- ### hostname is not commonName
- my $counter = 0;
- my $subjectAltName = 0;
- for (@$peer_subjectAltNames) {
- if ($peer_subjectAltNames->[$counter][0] eq 'DNS') {
- if (lc $peer_subjectAltNames->[$counter][1] eq lc $hostname) {
- ### Good subjectAltName
- $subjectAltName = 1;
- }
- }
- $counter++;
- }
- if (! $subjectAltName) {
- print $OUT "The server offers a cert that doesn't match their domain name.\n";
- return 0;
- }
+
+ if (! $verify_hostname) {
+ print $OUT "The server offers a cert that doesn't match their domain name.\n";
+ return 0;
 }
 
 # compare figureprint...
-- 
cgit v1.2.3
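Review bot: `$cl->verify_hostname($hostname)` is called without a scheme argument; in IO::Socket::SSL the scheme selects which identity-matching rules are applied, and if an omitted scheme falls back to the library's no-check scheme the new guard `if (! $verify_hostname)` can never fire and the domain-mismatch message is never printed. Passing the scheme explicitly, `my $verify_hostname = $cl->verify_hostname($hostname, 'default');`, states the intent and stops the check from depending on the library's fallback — worth confirming against the installed IO::Socket::SSL version. The removed loop only matched DNS subjectAltNames case-insensitively, whereas the library routine also applies its own wildcard and commonName rules, so a one-line comment saying the hostname check is now delegated to IO::Socket::SSL would help the next reader see that the behaviour changed deliberately. `$peer_commonName` and `$peer_subjectAltNames` are now read only by the `###` debug lines. peer_cert's body continues past the hunk into the fingerprint comparison.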