[Spice-devel] [common PATCH 4/4 v2] ssl-verify: Changed debug msg from IPv4 to IPv6
Lukas Venhoda
lvenhoda at redhat.com
Thu Oct 8 07:32:58 PDT 2015
Spice debug message printed only IPv4 addresses using inet_ntoa.
Changed to inet_pton for IPv6 support.
Can't use getnameinfo, because IP address in certificate is already in
struct in(6)_addr format used by inet_ntop function.
Added inet_ntop for Windows XP compatibility.
---
Changes since v1:
- Added inet_ntop() compatibility function
- For Windows XP
- Added ip_address_to_string() function
- Cleaned up alt match debug message
---
common/ssl_verify.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 48 insertions(+), 2 deletions(-)
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 0b7d958..ca3bd23 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -34,6 +34,49 @@
#include <ctype.h>
#include <string.h>
+#ifdef WIN32
+/* Code snippet from http://memset.wordpress.com/2010/10/09/inet_ntop-for-win32/ */
+static const char * inet_ntop(int af, const void * src, char * dst, socklen_t size)
+{
+ struct sockaddr_in addr_in;
+
+ memset(&addr_in, 0, sizeof(struct sockaddr_in));
+ memcpy(&(addr_in.sin_addr), src, sizeof(addr_in.sin_addr));
+
+ addr_in.sin_family = af;
+ if (WSAAddressToString((struct sockaddr *) &addr_in, sizeof(struct sockaddr_in), 0, dst, &size) != 0) {
+ spice_warning("WSAAddressToString() : %d", WSAGetLastError());
+ return NULL;
+ }
+ return dst;
+}
+#endif
+
+static int ip_address_to_string(const void * ip_addr, char * string, int ipv6)
+{
+ int ipversion;
+ int af;
+ socklen_t addr_len;
+
+ memset(string, 0, INET6_ADDRSTRLEN);
+
+ if (ipv6) {
+ af = AF_INET6;
+ addr_len = INET6_ADDRSTRLEN;
+ ipversion = 6;
+ } else {
+ af = AF_INET;
+ addr_len = INET_ADDRSTRLEN;
+ ipversion = 4;
+ }
+
+ if (inet_ntop(af, ip_addr, string, addr_len) == NULL) {
+ return 0;
+ }
+
+ return ipversion;
+}
+
static int verify_pubkey(X509* cert, const char *key, size_t key_size)
{
EVP_PKEY* cert_pubkey = NULL;
@@ -221,8 +264,11 @@ static int verify_hostname(X509* cert, const char *hostname)
if ((addr_len == alt_ip_len)&&
(memcmp(ASN1_STRING_data(name->d.iPAddress), &ip_addr.data, addr_len) == 0)) {
- spice_debug("alt name IP match=%s",
- inet_ntoa(*((struct in_addr*)ASN1_STRING_data(name->d.iPAddress))));
+ char buf[INET6_ADDRSTRLEN];
+ int ipversion = ip_address_to_string((void *)ASN1_STRING_data(name->d.iPAddress),
+ buf, addr_len == sizeof(struct in6_addr));
+ spice_debug("alt name IPv%d match=%s", ipversion, buf);
+
GENERAL_NAMES_free(subject_alt_names);
return 1;
}
--
2.4.3
More information about the Spice-devel
mailing list