Swiftdiff options
| author | Kevin Smith <git@kismith.co.uk> | 2020-01-09 13:32:54 (GMT) |
|---|---|---|
| committer | Kevin Smith <git@kismith.co.uk> | 2020-01-09 16:37:40 (GMT) |
| commit | 12d031cf8177fdec0137f9aa7e2912fa23c4416b (patch) | |
| tree | de29bebd027b1a2f76a88ff2946914e6e46fc887 | |
| parent | 3d00d04ffbf40845058f6ede4da2592bb27a255d (diff) | |
| download | swift-master.zip swift-master.tar.bz2 | |
Although we were doing the right thing with punycode
(as far as I can see) for the IDNA entries, we were
forgetting that the comparisons needed to be case
insensitive (checked the RFCs). Now they are.
Test-Information:
Added unit tests for the three flows that were
modified.
Change-Id: Ib17ae3df66159f38339996580dc85a5d99356274
| -rw-r--r-- | Swiften/TLS/ServerIdentityVerifier.cpp | 6 | ||||
| -rw-r--r-- | Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp | 32 |
2 files changed, 35 insertions, 3 deletions
diff --git a/Swiften/TLS/ServerIdentityVerifier.cpp b/Swiften/TLS/ServerIdentityVerifier.cpp index da116e5..18ea2aa 100644 --- a/Swiften/TLS/ServerIdentityVerifier.cpp +++ b/Swiften/TLS/ServerIdentityVerifier.cpp @@ -84,6 +84,6 @@ bool ServerIdentityVerifier::matchesDomain(const std::string& s) const { } - return matchString == matchDomain; + return boost::iequals(matchString, matchDomain); } else { - return s == encodedDomain; + return boost::iequals(s, encodedDomain); } @@ -92,3 +92,3 @@ bool ServerIdentityVerifier::matchesDomain(const std::string& s) const { bool ServerIdentityVerifier::matchesAddress(const std::string& s) const { - return s == domain; + return boost::iequals(s, domain); } diff --git a/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp index 7379b69..47f3db2 100644 --- a/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp +++ b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp @@ -62,2 +62,10 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture { + void testCertificateVerifies_WithMatchingDNSNameMixedCase() { + ServerIdentityVerifier testling(JID("foo@baR.com/baz"), idnConverter.get()); + SimpleCertificate::ref certificate(new SimpleCertificate()); + certificate->addDNSName("Bar.com"); + + CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); + } + void testCertificateVerifies_WithSecondMatchingDNSName() { @@ -161,2 +169,10 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture { + void testCertificateVerifies_WithMatchingXmppAddrMixedCase() { + ServerIdentityVerifier testling(JID("foo@baR.com/baz"), idnConverter.get()); + SimpleCertificate::ref certificate(new SimpleCertificate()); + certificate->addXMPPAddress("bAr.com"); + + CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); + } + void testCertificateVerifies_WithMatchingXmppAddrWithWildcard() { @@ -169,2 +185,10 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture { + void testCertificateVerifies_WithMatchingXmppAddrWithWildcardMixedCase() { + ServerIdentityVerifier testling(JID("foo@im.bAr.com/baz"), idnConverter.get()); + SimpleCertificate::ref certificate(new SimpleCertificate()); + certificate->addXMPPAddress("*.baR.com"); + + CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); + } + void testCertificateVerifies_WithMatchingInternationalXmppAddr() { @@ -177,2 +201,10 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture { + void testCertificateVerifies_WithMatchingInternationalXmppAddrMixedCase() { + ServerIdentityVerifier testling(JID("foo@tRon\xc3\xa7.com/baz"), idnConverter.get()); + SimpleCertificate::ref certificate(new SimpleCertificate()); + certificate->addXMPPAddress("trOn\xc3\xa7.com"); + + CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); + } + void testCertificateVerifies_WithMatchingCNWithoutSAN() { |