From be654dad8abd99d0c6a9626f0772386a4339ca0d Mon Sep 17 00:00:00 2001
From: Michiel Visser
Date: Wed, 23 Feb 2022 18:22:30 +0100
Subject: [PATCH] LibCrypto: Certificate parse IP address SAN

Subject alternative name entries containing IP addresses will now be parsed and added to the list of SANs. This should allow for certificate verification when accessing IP addresses directly.
---
 Userland/Libraries/LibTLS/Certificate.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibTLS/Certificate.cpp b/Userland/Libraries/LibTLS/Certificate.cpp
index af85e7f153..825230e45e 100644
--- a/Userland/Libraries/LibTLS/Certificate.cpp
+++ b/Userland/Libraries/LibTLS/Certificate.cpp
@@ -6,6 +6,7 @@
 #include "Certificate.h"
 #include
+#include
 #include
 #include
 #include
@@ -441,11 +442,13 @@ Optional Certificate::parse_asn1(ReadonlyBytes buffer, bool)
 certificate.SAN.append(name);
 break;
 }
- case 7:
+ case 7: {
 // IP Address
- // We can't handle these.
- DROP_OBJECT_OR_FAIL("Certificate::TBSCertificate::Extensions::$::Extension::extension_value::SubjectAlternativeName::$::IPAddress");
+ READ_OBJECT_OR_FAIL(OctetString, StringView, ip_addr_sv, "Certificate::TBSCertificate::Extensions::$::Extension::extension_value::SubjectAlternativeName::$::IPAddress");
+ IPv4Address ip_addr { ip_addr_sv.bytes().data() };
+ certificate.SAN.append(ip_addr.to_string());
 break;
+ }
 case 8:
 // Registered ID
 // We can't handle these.
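Review bot: The new `case 7` branch builds `IPv4Address ip_addr { ip_addr_sv.bytes().data() }` without checking the length of the OCTET STRING it has just read, and those bytes come straight from the certificate being verified. An iPAddress SAN is 4 octets for IPv4 or 16 for IPv6 (RFC 5280); if the constructor reads four bytes from the pointer, as it appears to, a shorter value is read past its end, and an IPv6 entry is silently recorded as an IPv4 SAN made of its first four bytes, which could let the certificate match an address it was never issued for. Guard the two added lines with `if (ip_addr_sv.length() == 4) { … }` and skip (or fail parsing on) any other length until IPv6 is handled explicitly. parse_asn1's body starts and ends outside the hunk, so how the SAN list is later matched against the peer address is not visible here.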