[exim-cvs] UTF8: Cert namechecks always use a-label

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] UTF8: Cert namechecks always use a-label
Gitweb: http://git.exim.org/exim.git/commitdiff/4af0d74a886c7fbd4e3eec1743f4b1d2d8a4d457
Commit:     4af0d74a886c7fbd4e3eec1743f4b1d2d8a4d457
Parent:     9479146eba39483724dc791ad814efe829def406
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Apr 22 20:26:56 2015 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Wed Apr 22 20:26:56 2015 +0100


    UTF8: Cert namechecks always use a-label
---
 doc/doc-txt/experimental-spec.txt |    3 +++
 src/src/tls-gnu.c                 |    7 ++++++-
 src/src/tls-openssl.c             |    7 ++++++-
 3 files changed, 15 insertions(+), 2 deletions(-)


diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index f0490b0..d446f6b 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -1299,6 +1299,9 @@ the appendfile transport, will have utf8 name.
Helo names sent by the smtp transport will have any utf8
components expanded to a-label form.

+Any certificate name checks will be done using the a-label
+form of the name.
+
Log lines and Received-by: header lines will aquire a "utf8"
prefix on the protocol element, eg. utf8esmtp.

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 6162cfa..6db7e4a 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1785,7 +1785,12 @@ tls_client_setup_hostname_checks(host_item * host, exim_gnutls_state_st * state,
 {
 if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
   {
-  state->exp_tls_verify_cert_hostnames = host->name;
+  state->exp_tls_verify_cert_hostnames =
+#ifdef EXPERIMENTAL_INTERNATIONAL
+    string_domain_utf8_to_alabel(host->name, NULL);
+#else
+    host->name;
+#endif
   DEBUG(D_tls)
     debug_printf("TLS: server cert verification includes hostname: \"%s\".\n",
             state->exp_tls_verify_cert_hostnames);
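Review bot: The result of `string_domain_utf8_to_alabel(host->name, NULL)` is stored unchecked and the error pointer is NULL, so a hostname that cannot be converted leaves no diagnostic and, if the helper returns NULL on failure (its definition is outside this diff), `exp_tls_verify_cert_hostnames` ends up NULL. That NULL then reaches the `%s` in the debug_printf just below, and whether the later certificate name check is skipped for a NULL name depends on code outside the hunk; a skipped check would fail open for exactly the hosts selected by tls_verify_cert_hostnames. I would pass a real error pointer, log it, and handle failure explicitly, either by failing the TLS setup or by keeping the check alive with `if (!state->exp_tls_verify_cert_hostnames) state->exp_tls_verify_cert_hostnames = host->name;`. The same pattern appears in the tls-openssl.c hunk with `cbinfo->verify_cert_hostnames`. The enclosing function starts and ends outside the hunk.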
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 65d6089..530266d 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1725,7 +1725,12 @@ if ((rc = setup_certs(ctx, ob->tls_verify_certificates,


 if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
   {
-  cbinfo->verify_cert_hostnames = host->name;
+  cbinfo->verify_cert_hostnames =
+#ifdef EXPERIMENTAL_INTERNATIONAL
+    string_domain_utf8_to_alabel(host->name, NULL);
+#else
+    host->name;
+#endif
   DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
             cbinfo->verify_cert_hostnames);
   }