Commit 1f0d4f3d8dd5c87d3f42a913a1af9d6f1f2da437
2014-04-26T13:51:14
netops: unit-test the cert host-name pattern matching This kind of stuff should have unit tests, even if it's just to show what we expect to match successfully.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
diff --git a/src/netops.c b/src/netops.c
index ad27d84..23f482b 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -207,7 +207,7 @@ static int gitno_ssl_teardown(gitno_ssl *ssl)
}
/* Match host names according to RFC 2818 rules */
-static int match_host(const char *pattern, const char *host)
+int gitno__match_host(const char *pattern, const char *host)
{
for (;;) {
char c = tolower(*pattern++);
@@ -230,9 +230,9 @@ static int match_host(const char *pattern, const char *host)
while(*host) {
char h = tolower(*host);
if (c == h)
- return match_host(pattern, host++);
+ return gitno__match_host(pattern, host++);
if (h == '.')
- return match_host(pattern, host);
+ return gitno__match_host(pattern, host);
host++;
}
return -1;
@@ -250,7 +250,7 @@ static int check_host_name(const char *name, const char *host)
if (!strcasecmp(name, host))
return 0;
- if (match_host(name, host) < 0)
+ if (gitno__match_host(name, host) < 0)
return -1;
return 0;
diff --git a/src/netops.h b/src/netops.h
index 666d66b..8e3a252 100644
--- a/src/netops.h
+++ b/src/netops.h
@@ -54,6 +54,19 @@ enum {
GITNO_CONNECT_SSL_NO_CHECK_CERT = 2,
};
+/**
+ * Check if the name in a cert matches the wanted hostname
+ *
+ * Check if a pattern from a certificate matches the hostname we
+ * wanted to connect to according to RFC2818 rules (which specifies
+ * HTTP over TLS). Mainly, an asterisk matches anything, but is
+ * limited to a single url component.
+ *
+ * Note that this does not set an error message. It expects the user
+ * to provide the message for the user.
+ */
+int gitno__match_host(const char *pattern, const char *host);
+
void gitno_buffer_setup(gitno_socket *t, gitno_buffer *buf, char *data, size_t len);
void gitno_buffer_setup_callback(gitno_socket *t, gitno_buffer *buf, char *data, size_t len, int (*recv)(gitno_buffer *buf), void *cb_data);
int gitno_recv(gitno_buffer *buf);
diff --git a/tests/network/matchhost.c b/tests/network/matchhost.c
new file mode 100644
index 0000000..3100dc2
--- /dev/null
+++ b/tests/network/matchhost.c
@@ -0,0 +1,13 @@
+#include "clar_libgit2.h"
+#include "netops.h"
+
+void test_network_matchhost__match(void)
+{
+ cl_git_pass(gitno__match_host("*.example.org", "www.example.org"));
+ cl_git_pass(gitno__match_host("*.foo.example.org", "www.foo.example.org"));
+ cl_git_fail(gitno__match_host("*.foo.example.org", "foo.example.org"));
+ cl_git_fail(gitno__match_host("*.foo.example.org", "www.example.org"));
+ cl_git_fail(gitno__match_host("*.example.org", "example.org"));
+ cl_git_fail(gitno__match_host("*.example.org", "www.foo.example.org"));
+ cl_git_fail(gitno__match_host("*.example.org", "blah.www.www.example.org"));
+}