Hello, I'm trying to fetch an image off a Google App Engine app. (Hosted on appspot.com).
My script is running: imgfetch https://nsylvainoauth.appspot.com/test

This is failing because: "server name incorrect (expected *.appspot.com, got nsylvainoauth.appsot.com )"

I made a small change to actually add basic wildcard support to get unstuck. It only works for cases like this one (leading wildcard). Here's the patch if anyone is interested.

--- a/src/net/tls.c +++ b/src/net/tls.c @@ -2456,10 +2456,25 @@ static void tls_validator_done ( struct tls_session *tls, int rc ) { /* Verify server name */ if ( ( cert->subject.name == NULL ) || ( strcmp ( cert->subject.name, tls->name ) != 0 ) ) { - DBGC ( tls, "TLS %p server name incorrect (expected %s, got " - "%s)\n", tls, tls->name, cert->subject.name ); - rc = -EACCES_WRONG_NAME; - goto err; + if ( cert->subject.name[0] == '*' ) { + char * subject_name = cert->subject.name + 1; + int subject_name_len = strlen(subject_name); + int host_name_len = strlen(tls->name); + if ( ( host_name_len < subject_name_len || + ( strcmp( tls->name + host_name_len - subject_name_len, + subject_name ) ) != 0 ) ) { + DBGC ( tls, "TLS %p wildcard server name incorrect " + "(%s does not end with %s)\n", tls, tls->name, + subject_name); + rc = -EACCES_WRONG_NAME; + goto err; + } + } else { + DBGC ( tls, "TLS %p server name incorrect (expected %s, got " + "%s)\n", tls, tls->name, cert->subject.name ); + rc = -EACCES_WRONG_NAME; + goto err; + } }

Now it's actually failing about 50% of the time trying to do the OCSP checks... but I'll start another thread for this one.

Thanks,
Nicolas
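
Review bot: the wildcard branch `if ( cert->subject.name[0] == '*' )` accepts any host name that merely ends with the text after the `*`, which is broader than a leading-wildcard certificate should allow: `*.appspot.com` would also match `a.b.appspot.com` and the bare `.appspot.com` (the length test uses `<`, so equal lengths pass), and a subject of `*` or `*com` would match far more than intended. Require that the character after `*` is `.`, that the host name is strictly longer than the suffix, and that the part of `tls->name` standing in for the `*` contains no `.`, so the wildcard covers exactly one non-empty label. The same branch is also reached when `cert->subject.name == NULL` (the first half of the outer condition), so `cert->subject.name[0]` dereferences a null pointer; test for NULL before indexing. Minor: the `strlen()` results are stored in `int`; `size_t` avoids the signed arithmetic in `tls->name + host_name_len - subject_name_len`.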
_______________________________________________ ipxe-devel mailing list [email protected] https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel

