1
10
13
14
20
21
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
109
110
111
112
113
114
124
125
126
127
128
...
...
...
#define NX_SECURE_SOURCE_CODE
#include "nx_secure_x509.h"
...
...
UINT _nx_secure_x509_common_name_dns_check(NX_SECURE_X509_CERT *certificate, const UCHAR *dns_tld,
UINT dns_tld_length)
{
INT compare_value;
UINT status;
const UCHAR *common_name;
USHORT common_name_len;
NX_SECURE_X509_EXTENSION alt_name_extension;
common_name = certificate -> nx_secure_x509_distinguished_name.nx_secure_x509_common_name;
common_name_len = certificate -> nx_secure_x509_distinguished_name.nx_secure_x509_common_name_length;
compare_value = _nx_secure_x509_wildcard_compare(dns_tld, dns_tld_length, common_name, common_name_len);
if (compare_value == 0)
{
return(NX_SECURE_X509_SUCCESS);
}if (compare_value == 0) { ... }
status = _nx_secure_x509_extension_find(certificate, &alt_name_extension, NX_SECURE_TLS_X509_TYPE_SUBJECT_ALT_NAME);
if (status == NX_SECURE_X509_SUCCESS)
{
status = _nx_secure_x509_subject_alt_names_find(&alt_name_extension, dns_tld, dns_tld_length, NX_SECURE_X509_SUB_ALT_NAME_TAG_DNSNAME);
if (status == NX_SECURE_X509_SUCCESS)
{
return(NX_SECURE_X509_SUCCESS);
}if (status == NX_SECURE_X509_SUCCESS) { ... }
}if (status == NX_SECURE_X509_SUCCESS) { ... }
return(NX_SECURE_X509_CERTIFICATE_DNS_MISMATCH);
}{ ... }