Add inet_pton and inet_ntop which supports IPv6 address.
inet_aton left for compatibility.
---
common/ssl_verify.c | 32 +++-
1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index a830800..d247d95 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -161,10 +161,12 @@ static int verify_hostname(X509* cert, const char
*hostname)
{
GENERAL_NAMES* subject_alt_names;
int found_dns_name = 0;
-struct in_addr addr;
+struct in_addr ipv4;
+struct in6_addr ipv6;
int addr_len = 0;
int cn_match = 0;
X509_NAME* subject;
+int using_ipv6 = 0;
spice_return_val_if_fail(hostname != NULL, 0);
@@ -173,9 +175,11 @@ static int verify_hostname(X509* cert, const char
*hostname)
return 0;
}
-// only IpV4 supported
-if (inet_aton(hostname, )) {
+if (inet_aton(hostname, )) {
addr_len = sizeof(struct in_addr);
+} else if (inet_pton(AF_INET6, hostname, )) {
+addr_len = sizeof(struct in6_addr);
+using_ipv6 = 1;
}
/* try matching against:
@@ -211,12 +215,22 @@ static int verify_hostname(X509* cert, const char
*hostname)
} else if (name->type == GEN_IPADD) {
int alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
found_dns_name = 1;
-if ((addr_len == alt_ip_len)&&
-!memcmp(ASN1_STRING_data(name->d.iPAddress), ,
addr_len)) {
-spice_debug("alt name IP match=%s",
-inet_ntoa(*((struct
in_addr*)ASN1_STRING_data(name->d.dNSName;
-GENERAL_NAMES_free(subject_alt_names);
-return 1;
+if (addr_len == alt_ip_len) {
+if (using_ipv6 &&
+!memcmp(ASN1_STRING_data(name->d.iPAddress), ,
addr_len)) {
+char buf[INET6_ADDRSTRLEN];
+inet_ntop(AF_INET6,
+ ((struct
in6_addr*)ASN1_STRING_data(name->d.dNSName)),
+ buf, INET6_ADDRSTRLEN);
+spice_debug("alt name IP match=%s", buf);
+GENERAL_NAMES_free(subject_alt_names);
+return 1;
+} else if (!memcmp(ASN1_STRING_data(name->d.iPAddress),
, addr_len)) {
+spice_debug("alt name IP match=%s",
+inet_ntoa(*((struct
in_addr*)ASN1_STRING_data(name->d.dNSName;
+GENERAL_NAMES_free(subject_alt_names);
+return 1;
+}
}
}
}
--
2.4.3
___
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel