author | Jose <jose@zeroc.com> | 2017-02-22 17:40:08 +0100 |
---|---|---|
committer | Jose <jose@zeroc.com> | 2017-02-22 17:40:08 +0100 |
commit | aa3e8bd6874a69aa25ea19625c6493de2b9cb7e0 (patch) | |
tree | 8d42b267f1ddb06123b09b1c89b1a300a21a530a /cpp | |
parent | Linux build failure (diff) | |
Fix hostname verification to ignore errors when IceSSL.VerifyPeer is 0
Diffstat (limited to 'cpp')
-rw-r--r-- | cpp/src/IceSSL/SSLEngine.cpp | 10 | ||||
-rw-r--r-- | cpp/test/IceSSL/configuration/AllTests.cpp | 49 |
2 files changed, 56 insertions, 3 deletions
diff --git a/cpp/src/IceSSL/SSLEngine.cpp b/cpp/src/IceSSL/SSLEngine.cpp
index 3ee453925e9..355b8fad16f 100644
--- a/cpp/src/IceSSL/SSLEngine.cpp
+++ b/cpp/src/IceSSL/SSLEngine.cpp
@@ -210,9 +210,13 @@ IceSSL::SSLEngine::verifyPeer(const string& address, const NativeConnectionInfoP
 Trace out(_logger, _securityTraceCategory);
 out << msg;
 }
- SecurityException ex(__FILE__, __LINE__);
- ex.reason = msg;
- throw ex;
+
+ if(_verifyPeer > 0)
+ {
+ SecurityException ex(__FILE__, __LINE__);
+ ex.reason = msg;
+ throw ex;
+ }
 }
 }
 #endif
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp
index 95214c79a20..5a52b3f682e 100644
--- a/cpp/test/IceSSL/configuration/AllTests.cpp
+++ b/cpp/test/IceSSL/configuration/AllTests.cpp
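Review bot: With `_verifyPeer == 0` a certificate-name mismatch now passes the new `if(_verifyPeer > 0)` guard without any unconditional record; the only output is the `Trace out(...)` block just above, whose enabling condition lies outside this hunk and is presumably a trace-level check. A deployment that sets `IceSSL.CheckCertName=1` together with `IceSSL.VerifyPeer=0` therefore gets no hostname enforcement and, unless tracing is on, probably no log line either. I would say so on the guard, e.g. `// IceSSL.VerifyPeer=0 disables peer verification entirely; a name mismatch is traced but not enforced.`, and consider reporting the message as a warning in this branch so the downgrade shows up in logs. The body of verifyPeer starts and ends outside the hunk.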
@@ -1386,6 +1386,55 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12)
 #endif
 fact->destroyServer(server);
 comm->destroy();
+
+ //
+ // Target host does not match the certificate DNS altName, connection should succeed
+ // because IceSSL.VerifyPeer is set to 0.
+ //
+ initData.properties = createClientProps(defaultProps, p12, "c_rsa_ca1", "cacert1");
+ initData.properties->setProperty("IceSSL.CheckCertName", "1");
+ initData.properties->setProperty("IceSSL.VerifyPeer", "0");
+ comm = initialize(initData);
+
+ fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef));
+ test(fact);
+ d = createServerProps(props, p12, "s_rsa_ca1_cn2", "cacert1");
+ server = fact->createServer(d);
+ try
+ {
+ server->ice_ping();
+ }
+ catch(const Ice::LocalException&)
+ {
+ test(false);
+ }
+
+ fact->destroyServer(server);
+ comm->destroy();
+
+ //
+ // Target host does not match the certificate DNS altName, connection should succeed
+ // because IceSSL.CheckCertName is set to 0.
+ //
+ initData.properties = createClientProps(defaultProps, p12, "c_rsa_ca1", "cacert1");
+ initData.properties->setProperty("IceSSL.CheckCertName", "0");
+ comm = initialize(initData);
+
+ fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef));
+ test(fact);
+ d = createServerProps(props, p12, "s_rsa_ca1_cn2", "cacert1");
+ server = fact->createServer(d);
+ try
+ {
+ server->ice_ping();
+ }
+ catch(const Ice::LocalException&)
+ {
+ test(false);
+ }
+
+ fact->destroyServer(server);
+ comm->destroy();
 }
 }
 cout << "ok" << endl; |
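Review bot: The second added case (`IceSSL.CheckCertName` set to `0`) never sets `IceSSL.VerifyPeer`, so whether it passes because name checking is off or because verification is permissive depends on what `createClientProps` supplies, which is not visible here. Adding `initData.properties->setProperty("IceSSL.VerifyPeer", "1");` before `initialize(initData)` would pin that case to CheckCertName alone and keep it distinct from the VerifyPeer=0 case above it. The two cases are otherwise the same connect/ping/teardown sequence and differ only in their properties, so a small local helper taking the property values would keep them from drifting apart. The body of allTests starts and ends outside the hunk.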