VerifyHostname - Code Search

okhttp/src/main/kotlin/okhttp3/internal/tls/OkHostnameVerifier.kt

    }
  }

  /** Returns true if [certificate] matches [hostname]. */
  private fun verifyHostname(
    hostname: String,
    certificate: X509Certificate,
  ): Boolean {
    val hostname = hostname.asciiToLowercase()
    return getSubjectAltNames(certificate, ALT_DNS_NAME).any {
      verifyHostname(hostname, it)
    }
  }

  /**

Registered: Sun Jun 16 04:42:17 UTC 2024

- Last Modified: Mon Apr 15 14:55:09 UTC 2024

- 7.7K bytes

- Viewed (0)

github.com/golang/go

src/crypto/x509/root_darwin.go

		return nil, errors.New("x509: macOS certificate verification internal error")
	}

	if opts.DNSName != "" {
		// If we have a DNS name, apply our own name verification
		if err := chain[0][0].VerifyHostname(opts.DNSName); err != nil {
			return nil, err
		}
	}

	keyUsages := opts.KeyUsages
	if len(keyUsages) == 0 {
		keyUsages = []ExtKeyUsage{ExtKeyUsageServerAuth}
	}

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Wed Mar 01 00:36:38 UTC 2023

- 3.5K bytes

- Viewed (0)

github.com/golang/go

src/crypto/x509/verify.go

// VerifyOptions contains parameters for Certificate.Verify.
type VerifyOptions struct {
	// DNSName, if set, is checked against the leaf certificate with
	// Certificate.VerifyHostname or the platform verifier.
	DNSName string

	// Intermediates is an optional pool of certificates that are not trust
	// anchors, but can be used to form a chain from the leaf certificate to a
	// root certificate.

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Wed May 22 22:58:39 UTC 2024

- 35.7K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

cmd/kubeadm/app/phases/certs/certs.go

	for _, dnsName := range cfg.AltNames.DNSNames {
		if err := cert.VerifyHostname(dnsName); err != nil {
			return errors.Wrapf(err, "certificate %s is invalid", baseName)
		}
	}
	for _, ipAddress := range cfg.AltNames.IPs {
		if err := cert.VerifyHostname(ipAddress.String()); err != nil {
			return errors.Wrapf(err, "certificate %s is invalid", baseName)
		}
	}
	return nil

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Tue Dec 05 10:17:14 UTC 2023

- 19.4K bytes

- Viewed (0)

github.com/golang/go

src/crypto/x509/x509_test.go

		},
	}
	err = c.VerifyHostname("1.2.3.4")
	if err == nil {
		t.Fatalf("VerifyHostname(1.2.3.4) should have failed, did not")
	}

	c = &Certificate{
		IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")},
	}
	err = c.VerifyHostname("127.0.0.1")
	if err != nil {
		t.Fatalf("VerifyHostname(127.0.0.1): %v", err)
	}
	err = c.VerifyHostname("::1")
	if err != nil {

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Wed May 22 21:00:16 UTC 2024

- 163.4K bytes

- Viewed (0)

github.com/golang/go

src/crypto/tls/conn.go

	return c.ocspResponse
}

// VerifyHostname checks that the peer certificate chain is valid for
// connecting to host. If so, it returns nil; if not, it returns an error
// describing the problem.
func (c *Conn) VerifyHostname(host string) error {
	c.handshakeMutex.Lock()
	defer c.handshakeMutex.Unlock()
	if !c.isClient {
		return errors.New("tls: VerifyHostname called on TLS server connection")
	}

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Thu May 23 03:10:12 UTC 2024

- 51.8K bytes

- Viewed (0)

github.com/golang/go

src/crypto/tls/tls_test.go

	testenv.MustHaveExternalNetwork(t)

	c, err := Dial("tcp", "www.google.com:https", nil)
	if err != nil {
		t.Fatal(err)
	}
	if err := c.VerifyHostname("www.google.com"); err != nil {
		t.Fatalf("verify www.google.com: %v", err)
	}
	if err := c.VerifyHostname("www.yahoo.com"); err == nil {
		t.Fatalf("verify www.yahoo.com succeeded")
	}

	c, err = Dial("tcp", "www.google.com:https", &Config{InsecureSkipVerify: true})

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Thu May 23 03:10:12 UTC 2024

- 60.5K bytes

- Viewed (0)

github.com/golang/go

src/crypto/x509/verify_test.go

	}
	c, err := ParseCertificate(cDER)
	if err != nil {
		t.Fatalf("failed to parse certificate: %s", err)
	}

	if err := c.VerifyHostname("label"); err == nil {
		t.Fatalf("VerifyHostname unexpected success with bare wildcard SAN")
	}

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Thu May 23 01:00:11 UTC 2024

- 110.2K bytes

- Viewed (0)

github.com/golang/go

src/crypto/x509/name_constraints_test.go

				{},
			},
		},
		leaf: leafSpec{
			sans: []string{"unknown:"},
		},
	},

	// #30: without SANs, a certificate with a CN is still accepted in a
	// constrained chain, since we ignore the CN in VerifyHostname.
	{
		roots: []constraintsSpec{
			{
				ok: []string{"dns:foo.com", "dns:.foo.com"},
			},
		},
		intermediates: [][]constraintsSpec{
			{
				{},
			},
		},
		leaf: leafSpec{

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Thu May 09 22:40:21 UTC 2024

- 45.2K bytes

- Viewed (0)

github.com/golang/go

src/crypto/tls/handshake_client.go

		if len(session.verifiedChains) == 0 {
			// The original connection had InsecureSkipVerify, while this doesn't.
			return nil, nil, nil, nil
		}
		if err := session.peerCertificates[0].VerifyHostname(c.config.ServerName); err != nil {
			return nil, nil, nil, nil
		}
	}

	if session.version != VersionTLS13 {
		// In TLS 1.2 the cipher suite must match the resumed session. Ensure we

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Thu May 23 03:10:12 UTC 2024

- 38.6K bytes

- Viewed (0)

Search Options