Swiftdiff options
| author | Kevin Smith <git@kismith.co.uk> | 2020-01-09 13:32:54 (GMT) |
|---|---|---|
| committer | Kevin Smith <git@kismith.co.uk> | 2020-01-09 16:37:40 (GMT) |
| commit | 12d031cf8177fdec0137f9aa7e2912fa23c4416b (patch) | |
| tree | de29bebd027b1a2f76a88ff2946914e6e46fc887 | |
| parent | 3d00d04ffbf40845058f6ede4da2592bb27a255d (diff) | |
| download | swift-master.zip swift-master.tar.bz2 | |
Although we were doing the right thing with punycode
(as far as I can see) for the IDNA entries, we were
forgetting that the comparisons needed to be case
insensitive (checked the RFCs). Now they are.
Test-Information:
Added unit tests for the three flows that were
modified.
Change-Id: Ib17ae3df66159f38339996580dc85a5d99356274
| -rw-r--r-- | Swiften/TLS/ServerIdentityVerifier.cpp | 6 | ||||
| -rw-r--r-- | Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp | 32 |
2 files changed, 35 insertions, 3 deletions
diff --git a/Swiften/TLS/ServerIdentityVerifier.cpp b/Swiften/TLS/ServerIdentityVerifier.cpp index da116e5..18ea2aa 100644 --- a/Swiften/TLS/ServerIdentityVerifier.cpp +++ b/Swiften/TLS/ServerIdentityVerifier.cpp | |||
| @@ -82,15 +82,15 @@ bool ServerIdentityVerifier::matchesDomain(const std::string& s) const { | |||
| 82 | if (dotIndex != matchDomain.npos) { | 82 | if (dotIndex != matchDomain.npos) { |
| 83 | matchDomain = matchDomain.substr(dotIndex + 1, matchDomain.npos); | 83 | matchDomain = matchDomain.substr(dotIndex + 1, matchDomain.npos); |
| 84 | } | 84 | } |
| 85 | return matchString == matchDomain; | 85 | return boost::iequals(matchString, matchDomain); |
| 86 | } | 86 | } |
| 87 | else { | 87 | else { |
| 88 | return s == encodedDomain; | 88 | return boost::iequals(s, encodedDomain); |
| 89 | } | 89 | } |
| 90 | } | 90 | } |
| 91 | 91 | ||
| 92 | bool ServerIdentityVerifier::matchesAddress(const std::string& s) const { | 92 | bool ServerIdentityVerifier::matchesAddress(const std::string& s) const { |
| 93 | return s == domain; | 93 | return boost::iequals(s, domain); |
| 94 | } | 94 | } |
| 95 | 95 | ||
| 96 | } | 96 | } |
diff --git a/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp index 7379b69..47f3db2 100644 --- a/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp +++ b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp | |||
| @@ -60,6 +60,14 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture { | |||
| 60 | CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); | 60 | CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); |
| 61 | } | 61 | } |
| 62 | 62 | ||
| 63 | void testCertificateVerifies_WithMatchingDNSNameMixedCase() { | ||
| 64 | ServerIdentityVerifier testling(JID("foo@baR.com/baz"), idnConverter.get()); | ||
| 65 | SimpleCertificate::ref certificate(new SimpleCertificate()); | ||
| 66 | certificate->addDNSName("Bar.com"); | ||
| 67 | |||
| 68 | CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); | ||
| 69 | } | ||
| 70 | |||
| 63 | void testCertificateVerifies_WithSecondMatchingDNSName() { | 71 | void testCertificateVerifies_WithSecondMatchingDNSName() { |
| 64 | ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); | 72 | ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); |
| 65 | SimpleCertificate::ref certificate(new SimpleCertificate()); | 73 | SimpleCertificate::ref certificate(new SimpleCertificate()); |
| @@ -159,6 +167,14 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture { | |||
| 159 | CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); | 167 | CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); |
| 160 | } | 168 | } |
| 161 | 169 | ||
| 170 | void testCertificateVerifies_WithMatchingXmppAddrMixedCase() { | ||
| 171 | ServerIdentityVerifier testling(JID("foo@baR.com/baz"), idnConverter.get()); | ||
| 172 | SimpleCertificate::ref certificate(new SimpleCertificate()); | ||
| 173 | certificate->addXMPPAddress("bAr.com"); | ||
| 174 | |||
| 175 | CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); | ||
| 176 | } | ||
| 177 | |||
| 162 | void testCertificateVerifies_WithMatchingXmppAddrWithWildcard() { | 178 | void testCertificateVerifies_WithMatchingXmppAddrWithWildcard() { |
| 163 | ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"), idnConverter.get()); | 179 | ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"), idnConverter.get()); |
| 164 | SimpleCertificate::ref certificate(new SimpleCertificate()); | 180 | SimpleCertificate::ref certificate(new SimpleCertificate()); |
| @@ -167,6 +183,14 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture { | |||
| 167 | CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); | 183 | CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); |
| 168 | } | 184 | } |
| 169 | 185 | ||
| 186 | void testCertificateVerifies_WithMatchingXmppAddrWithWildcardMixedCase() { | ||
| 187 | ServerIdentityVerifier testling(JID("foo@im.bAr.com/baz"), idnConverter.get()); | ||
| 188 | SimpleCertificate::ref certificate(new SimpleCertificate()); | ||
| 189 | certificate->addXMPPAddress("*.baR.com"); | ||
| 190 | |||
| 191 | CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); | ||
| 192 | } | ||
| 193 | |||
| 170 | void testCertificateVerifies_WithMatchingInternationalXmppAddr() { | 194 | void testCertificateVerifies_WithMatchingInternationalXmppAddr() { |
| 171 | ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7.com/baz"), idnConverter.get()); | 195 | ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7.com/baz"), idnConverter.get()); |
| 172 | SimpleCertificate::ref certificate(new SimpleCertificate()); | 196 | SimpleCertificate::ref certificate(new SimpleCertificate()); |
| @@ -175,6 +199,14 @@ class ServerIdentityVerifierTest : public CppUnit::TestFixture { | |||
| 175 | CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); | 199 | CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); |
| 176 | } | 200 | } |
| 177 | 201 | ||
| 202 | void testCertificateVerifies_WithMatchingInternationalXmppAddrMixedCase() { | ||
| 203 | ServerIdentityVerifier testling(JID("foo@tRon\xc3\xa7.com/baz"), idnConverter.get()); | ||
| 204 | SimpleCertificate::ref certificate(new SimpleCertificate()); | ||
| 205 | certificate->addXMPPAddress("trOn\xc3\xa7.com"); | ||
| 206 | |||
| 207 | CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); | ||
| 208 | } | ||
| 209 | |||
| 178 | void testCertificateVerifies_WithMatchingCNWithoutSAN() { | 210 | void testCertificateVerifies_WithMatchingCNWithoutSAN() { |
| 179 | ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); | 211 | ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); |
| 180 | SimpleCertificate::ref certificate(new SimpleCertificate()); | 212 | SimpleCertificate::ref certificate(new SimpleCertificate()); |