/**************************************************************************/
/*                                                                        */
/*       Copyright (c) Microsoft Corporation. All rights reserved.        */
/*                                                                        */
/*       This software is licensed under the Microsoft Software License   */
/*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
/*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
/*       and in the root directory of this software.                      */
/*                                                                        */
/**************************************************************************/


/**************************************************************************/
/**************************************************************************/
/**                                                                       */
/** NetX Secure Component                                                 */
/**                                                                       */
/**    X.509 Digital Certificates                                         */
/**                                                                       */
/**************************************************************************/
/**************************************************************************/

#define NX_SECURE_SOURCE_CODE

#include "nx_secure_x509.h"

/**************************************************************************/
/*                                                                        */
/*  FUNCTION                                               RELEASE        */
/*                                                                        */
/*    _nx_secure_x509_common_name_dns_check               PORTABLE C      */
/*                                                           6.1.6        */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    This function checks a certificate's Common Name against a Top      */
/*    Level Domain name (TLD) provided by the caller for the purposes of  */
/*    DNS validation of a remote host. This utility function is intended  */
/*    to be called from within a certificate validation callback routine  */
/*    provided by the application. The TLD name should be the top part of */
/*    the URL used to access the remote host (the "."-separated string    */
/*    before the first slash).                                            */
/*                                                                        */
/*    NOTE 1: If the Common Name does not match the provided string, the  */
/*            "subject alt name" field is compared as well.               */
/*                                                                        */
/*    NOTE 2: It is important to understand the format of the common name */
/*            (and subject alt name) in expected certificates. For        */
/*            example, some certificates may use a raw IP address or a    */
/*            wild card. The DNS TLD string must be formatted such that   */
/*            it will match the expected values in received certificates. */
/*                                                                        */
/*  INPUT                                                                 */
/*                                                                        */
/*    certificate                           Pointer to certificate        */
/*    dns_tld                               Top-level domain name         */
/*    dns_tld_length                        Length of TLD in bytes        */
/*                                                                        */
/*  OUTPUT                                                                */
/*                                                                        */
/*    status                                Validity of certificate       */
/*                                                                        */
/*  CALLS                                                                 */
/*                                                                        */
/*    _nx_secure_x509_extension_find        Find extension in certificate */
/*    _nx_secure_x509_subject_alt_names_find                              */
/*                                          Find subject alt names        */
/*    _nx_secure_x509_wildcard_compare      Wildcard compare for names    */
/*                                                                        */
/*  CALLED BY                                                             */
/*                                                                        */
/*    Application code                                                    */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s),          */
/*                                            resulting in version 6.1    */
/*  04-02-2021     Timothy Stapko           Modified comment(s),          */
/*                                            removed dependency on TLS,  */
/*                                            resulting in version 6.1.6  */
/*                                                                        */
/**************************************************************************/
UINT _nx_secure_x509_common_name_dns_check(NX_SECURE_X509_CERT *certificate, const UCHAR *dns_tld,
                                           UINT dns_tld_length)
{
NX_SECURE_X509_EXTENSION san_extension;
const UCHAR             *cn_data;
USHORT                   cn_length;
UINT                     lookup_status;

    /* This routine only compares names: it calls one compare helper and two
       lookup helpers, and does not itself verify the certificate's chain,
       signature or validity period.  */

    /* Pull the Common Name and its length out of the parsed subject.  */
    cn_data = certificate -> nx_secure_x509_distinguished_name.nx_secure_x509_common_name;
    cn_length = certificate -> nx_secure_x509_distinguished_name.nx_secure_x509_common_name_length;

    /* NOTE(review): a Common Name match ends the check here, so the
       subjectAltName extension is never consulted for such certificates.
       RFC 6125 section 6.4.4 permits the CN only when no DNS-ID is
       presented, and RFC 9525 removes CN matching entirely; an application
       that needs that stricter policy has to enforce it in its own
       validation callback.  Wildcard handling lives in
       _nx_secure_x509_wildcard_compare, which is not visible in this file.  */
    if (_nx_secure_x509_wildcard_compare(dns_tld, dns_tld_length, cn_data, cn_length) == 0)
    {
        return(NX_SECURE_X509_SUCCESS);
    }

    /* No CN match: look for a subjectAltName extension.  A certificate
       without one is not an error in itself, it just leaves nothing else
       to compare against.  */
    lookup_status = _nx_secure_x509_extension_find(certificate, &san_extension,
                                                   NX_SECURE_TLS_X509_TYPE_SUBJECT_ALT_NAME);
    if (lookup_status != NX_SECURE_X509_SUCCESS)
    {
        return(NX_SECURE_X509_CERTIFICATE_DNS_MISMATCH);
    }

    /* Search the dNSName entries of the extension for the caller's name.  */
    lookup_status = _nx_secure_x509_subject_alt_names_find(&san_extension, dns_tld, dns_tld_length,
                                                           NX_SECURE_X509_SUB_ALT_NAME_TAG_DNSNAME);
    if (lookup_status != NX_SECURE_X509_SUCCESS)
    {

        /* Neither the Common Name nor any dNSName entry matched.  */
        return(NX_SECURE_X509_CERTIFICATE_DNS_MISMATCH);
    }

    return(NX_SECURE_X509_SUCCESS);
}