Multiple verifier reference identities. (Imported from upstream's 8abffa4a73fcbf6536e0a42d736ed9211a8204ea, 9624b50d51de25bb2e3a72e81fe45032d80ea5c2 and 41e3ebd5abacfdf98461cdeb6fa97a4175b7aad3.) Change-Id: Ic9099eb5704b19b4500229e89351371cc6184f9d

commit: 589963f79e114256d895173d7edba9adae1978bd [log] [tgz]
author: Adam Langley <agl@chromium.org> Wed Feb 11 12:18:56 2015 -0800
committer: Adam Langley <agl@chromium.org> Fri Feb 13 10:59:10 2015 -0800
tree: b4cd783738fcde5181e325be15fa44d27730ed89
parent: a1048a772fc19a1c3b5572b780b7df174b231a7c [diff] [blame]
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1650b77..29a2545 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c

@@ -704,12 +704,27 @@
 	return ctx->verify_cb(0, ctx);
 	}
 
+static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
+	{
+	size_t i;
+	size_t n = sk_OPENSSL_STRING_num(id->hosts);
+	unsigned char *name;
+
+	for (i = 0; i < n; ++i)
+		{
+		name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i);
+		if (X509_check_host(x, name, strlen((const char*) name), id->hostflags) > 0)
+			return 1;
+		}
+	return n == 0;
+	}
+
 static int check_id(X509_STORE_CTX *ctx)
 	{
 	X509_VERIFY_PARAM *vpm = ctx->param;
 	X509_VERIFY_PARAM_ID *id = vpm->id;
 	X509 *x = ctx->cert;
-	if (id->host && X509_check_host(x, id->host, strlen((const char*) id->host), id->hostflags) <= 0)
+	if (id->hosts && check_hosts(x, id) <= 0)
 		{
 		if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
 			return 0;
commit	589963f79e114256d895173d7edba9adae1978bd	[log] [tgz]
author	Adam Langley <agl@chromium.org>	Wed Feb 11 12:18:56 2015 -0800
committer	Adam Langley <agl@chromium.org>	Fri Feb 13 10:59:10 2015 -0800
tree	b4cd783738fcde5181e325be15fa44d27730ed89
parent	a1048a772fc19a1c3b5572b780b7df174b231a7c [diff] [blame]