module OpenSSL::SSL

def verify_hostname(hostname, san) # :nodoc:

:nodoc:

def verify_hostname(hostname, san) # :nodoc:
  # RFC 5280, IA5String is limited to the set of ASCII characters
  return false unless san.ascii_only?
  return false unless hostname.ascii_only?
  # See RFC 6125, section 6.4.1
  # Matching is case-insensitive.
  san_parts = san.downcase.split(".")
  # TODO: this behavior should probably be more strict
  return san == hostname if san_parts.size < 2
  # Matching is case-insensitive.
  host_parts = hostname.downcase.split(".")
  # RFC 6125, section 6.4.3, subitem 2.
  # If the wildcard character is the only character of the left-most
  # label in the presented identifier, the client SHOULD NOT compare
  # against anything but the left-most label of the reference
  # identifier (e.g., *.example.com would match foo.example.com but
  # not bar.foo.example.com or example.com).
  return false unless san_parts.size == host_parts.size
  # RFC 6125, section 6.4.3, subitem 1.
  # The client SHOULD NOT attempt to match a presented identifier in
  # which the wildcard character comprises a label other than the
  # left-most label (e.g., do not match bar.*.example.net).
  return false unless verify_wildcard(host_parts.shift, san_parts.shift)
  san_parts.join(".") == host_parts.join(".")
end

Modules

Classes

module OpenSSL::SSL

def verify_hostname(hostname, san) # :nodoc:

Instance Methods