On Thu, Oct 08, 2015 at 04:32:58PM +0200, Lukas Venhoda wrote: > Spice debug message printed only IPv4 addresses using inet_ntoa. > Changed to inet_pton for IPv6 support. > > Can't use getnameinfo, because IP address in certificate is already in > struct in(6)_addr format used by inet_ntop function. > > Added inet_ntop for Windows XP compatibility. > --- > Changes since v1: > - Added inet_ntop() compatibility function > - For Windows XP > - Added ip_address_to_string() function > - Cleaned up alt match debug message > --- > common/ssl_verify.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 48 insertions(+), 2 deletions(-) > > diff --git a/common/ssl_verify.c b/common/ssl_verify.c > index 0b7d958..ca3bd23 100644 > --- a/common/ssl_verify.c > +++ b/common/ssl_verify.c > @@ -34,6 +34,49 @@ > #include <ctype.h> > #include <string.h> > > +#ifdef WIN32 > +/* Code snippet from http://memset.wordpress.com/2010/10/09/inet_ntop-for-win32/ */ > +static const char * inet_ntop(int af, const void * src, char * dst, socklen_t size) > +{ > + struct sockaddr_in addr_in; > + > + memset(&addr_in, 0, sizeof(struct sockaddr_in)); > + memcpy(&(addr_in.sin_addr), src, sizeof(addr_in.sin_addr)); > + > + addr_in.sin_family = af; > + if (WSAAddressToString((struct sockaddr *) &addr_in, sizeof(struct sockaddr_in), 0, dst, &size) != 0) { > + spice_warning("WSAAddressToString() : %d", WSAGetLastError()); > + return NULL; > + } > + return dst; > +} > +#endif Is this code released under a LGPLv2-compatible licence? If not, we cannot reuse it like that. > + > +static int ip_address_to_string(const void * ip_addr, char * string, int ipv6) > +{ > + int ipversion; > + int af; > + socklen_t addr_len; > + > + memset(string, 0, INET6_ADDRSTRLEN); > + > + if (ipv6) { > + af = AF_INET6; > + addr_len = INET6_ADDRSTRLEN; > + ipversion = 6; > + } else { > + af = AF_INET; > + addr_len = INET_ADDRSTRLEN; > + ipversion = 4; > + } > + > + if (inet_ntop(af, ip_addr, string, addr_len) == NULL) { > + return 0; > + } > + > + return ipversion; > +} Hmm, might be simpler to use GResolver in the previous commit, and g_inet_address_to_string () here. Christophe > + > static int verify_pubkey(X509* cert, const char *key, size_t key_size) > { > EVP_PKEY* cert_pubkey = NULL; > @@ -221,8 +264,11 @@ static int verify_hostname(X509* cert, const char *hostname) > > if ((addr_len == alt_ip_len)&& > (memcmp(ASN1_STRING_data(name->d.iPAddress), &ip_addr.data, addr_len) == 0)) { > - spice_debug("alt name IP match=%s", > - inet_ntoa(*((struct in_addr*)ASN1_STRING_data(name->d.iPAddress)))); > + char buf[INET6_ADDRSTRLEN]; > + int ipversion = ip_address_to_string((void *)ASN1_STRING_data(name->d.iPAddress), > + buf, addr_len == sizeof(struct in6_addr)); > + spice_debug("alt name IPv%d match=%s", ipversion, buf); > + > GENERAL_NAMES_free(subject_alt_names); > return 1; > } > -- > 2.4.3 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > http://lists.freedesktop.org/mailman/listinfo/spice-devel
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel