1 | use cfg_if::cfg_if; |
2 | use std::io::{Read, Write}; |
3 | use std::ops::{Deref, DerefMut}; |
4 | |
5 | use crate::dh::Dh; |
6 | use crate::error::ErrorStack; |
7 | #[cfg (any(ossl111, libressl340))] |
8 | use crate::ssl::SslVersion; |
9 | use crate::ssl::{ |
10 | HandshakeError, Ssl, SslContext, SslContextBuilder, SslContextRef, SslMethod, SslMode, |
11 | SslOptions, SslRef, SslStream, SslVerifyMode, |
12 | }; |
13 | use crate::version; |
14 | use std::net::IpAddr; |
15 | |
16 | const FFDHE_2048: &str = " |
17 | -----BEGIN DH PARAMETERS----- |
18 | MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz |
19 | +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a |
20 | 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 |
21 | YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi |
22 | 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD |
23 | ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== |
24 | -----END DH PARAMETERS----- |
25 | " ; |
26 | |
27 | #[allow (clippy::inconsistent_digit_grouping, clippy::unusual_byte_groupings)] |
28 | fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> { |
29 | let mut ctx = SslContextBuilder::new(method)?; |
30 | |
31 | cfg_if! { |
32 | if #[cfg(not(boringssl))] { |
33 | let mut opts = SslOptions::ALL |
34 | | SslOptions::NO_COMPRESSION |
35 | | SslOptions::NO_SSLV2 |
36 | | SslOptions::NO_SSLV3 |
37 | | SslOptions::SINGLE_DH_USE |
38 | | SslOptions::SINGLE_ECDH_USE; |
39 | opts &= !SslOptions::DONT_INSERT_EMPTY_FRAGMENTS; |
40 | |
41 | ctx.set_options(opts); |
42 | } |
43 | } |
44 | |
45 | let mut mode = |
46 | SslMode::AUTO_RETRY | SslMode::ACCEPT_MOVING_WRITE_BUFFER | SslMode::ENABLE_PARTIAL_WRITE; |
47 | |
48 | // This is quite a useful optimization for saving memory, but historically |
49 | // caused CVEs in OpenSSL pre-1.0.1h, according to |
50 | // https://bugs.python.org/issue25672 |
51 | if version::number() >= 0x1_00_01_08_0 { |
52 | mode |= SslMode::RELEASE_BUFFERS; |
53 | } |
54 | |
55 | ctx.set_mode(mode); |
56 | |
57 | Ok(ctx) |
58 | } |
59 | |
60 | /// A type which wraps client-side streams in a TLS session. |
61 | /// |
62 | /// OpenSSL's default configuration is highly insecure. This connector manages the OpenSSL |
63 | /// structures, configuring cipher suites, session options, hostname verification, and more. |
64 | /// |
65 | /// OpenSSL's built-in hostname verification is used when linking against OpenSSL 1.0.2 or 1.1.0, |
66 | /// and a custom implementation is used when linking against OpenSSL 1.0.1. |
67 | #[derive (Clone, Debug)] |
68 | pub struct SslConnector(SslContext); |
69 | |
70 | impl SslConnector { |
71 | /// Creates a new builder for TLS connections. |
72 | /// |
73 | /// The default configuration is subject to change, and is currently derived from Python. |
74 | pub fn builder(method: SslMethod) -> Result<SslConnectorBuilder, ErrorStack> { |
75 | let mut ctx = ctx(method)?; |
76 | ctx.set_default_verify_paths()?; |
77 | ctx.set_cipher_list( |
78 | "DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK" , |
79 | )?; |
80 | setup_verify(&mut ctx); |
81 | |
82 | Ok(SslConnectorBuilder(ctx)) |
83 | } |
84 | |
85 | /// Initiates a client-side TLS session on a stream. |
86 | /// |
87 | /// The domain is used for SNI and hostname verification. |
88 | pub fn connect<S>(&self, domain: &str, stream: S) -> Result<SslStream<S>, HandshakeError<S>> |
89 | where |
90 | S: Read + Write, |
91 | { |
92 | self.configure()?.connect(domain, stream) |
93 | } |
94 | |
95 | /// Returns a structure allowing for configuration of a single TLS session before connection. |
96 | pub fn configure(&self) -> Result<ConnectConfiguration, ErrorStack> { |
97 | Ssl::new(&self.0).map(|ssl| ConnectConfiguration { |
98 | ssl, |
99 | sni: true, |
100 | verify_hostname: true, |
101 | }) |
102 | } |
103 | |
104 | /// Consumes the `SslConnector`, returning the inner raw `SslContext`. |
105 | pub fn into_context(self) -> SslContext { |
106 | self.0 |
107 | } |
108 | |
109 | /// Returns a shared reference to the inner raw `SslContext`. |
110 | pub fn context(&self) -> &SslContextRef { |
111 | &self.0 |
112 | } |
113 | } |
114 | |
115 | /// A builder for `SslConnector`s. |
116 | pub struct SslConnectorBuilder(SslContextBuilder); |
117 | |
118 | impl SslConnectorBuilder { |
119 | /// Consumes the builder, returning an `SslConnector`. |
120 | pub fn build(self) -> SslConnector { |
121 | SslConnector(self.0.build()) |
122 | } |
123 | } |
124 | |
125 | impl Deref for SslConnectorBuilder { |
126 | type Target = SslContextBuilder; |
127 | |
128 | fn deref(&self) -> &SslContextBuilder { |
129 | &self.0 |
130 | } |
131 | } |
132 | |
133 | impl DerefMut for SslConnectorBuilder { |
134 | fn deref_mut(&mut self) -> &mut SslContextBuilder { |
135 | &mut self.0 |
136 | } |
137 | } |
138 | |
139 | /// A type which allows for configuration of a client-side TLS session before connection. |
140 | pub struct ConnectConfiguration { |
141 | ssl: Ssl, |
142 | sni: bool, |
143 | verify_hostname: bool, |
144 | } |
145 | |
146 | impl ConnectConfiguration { |
147 | /// A builder-style version of `set_use_server_name_indication`. |
148 | pub fn use_server_name_indication(mut self, use_sni: bool) -> ConnectConfiguration { |
149 | self.set_use_server_name_indication(use_sni); |
150 | self |
151 | } |
152 | |
153 | /// Configures the use of Server Name Indication (SNI) when connecting. |
154 | /// |
155 | /// Defaults to `true`. |
156 | pub fn set_use_server_name_indication(&mut self, use_sni: bool) { |
157 | self.sni = use_sni; |
158 | } |
159 | |
160 | /// A builder-style version of `set_verify_hostname`. |
161 | pub fn verify_hostname(mut self, verify_hostname: bool) -> ConnectConfiguration { |
162 | self.set_verify_hostname(verify_hostname); |
163 | self |
164 | } |
165 | |
166 | /// Configures the use of hostname verification when connecting. |
167 | /// |
168 | /// Defaults to `true`. |
169 | /// |
170 | /// # Warning |
171 | /// |
172 | /// You should think very carefully before you use this method. If hostname verification is not |
173 | /// used, *any* valid certificate for *any* site will be trusted for use from any other. This |
174 | /// introduces a significant vulnerability to man-in-the-middle attacks. |
175 | pub fn set_verify_hostname(&mut self, verify_hostname: bool) { |
176 | self.verify_hostname = verify_hostname; |
177 | } |
178 | |
179 | /// Returns an `Ssl` configured to connect to the provided domain. |
180 | /// |
181 | /// The domain is used for SNI (if it is not an IP address) and hostname verification if enabled. |
182 | pub fn into_ssl(mut self, domain: &str) -> Result<Ssl, ErrorStack> { |
183 | if self.sni && domain.parse::<IpAddr>().is_err() { |
184 | self.ssl.set_hostname(domain)?; |
185 | } |
186 | |
187 | if self.verify_hostname { |
188 | setup_verify_hostname(&mut self.ssl, domain)?; |
189 | } |
190 | |
191 | Ok(self.ssl) |
192 | } |
193 | |
194 | /// Initiates a client-side TLS session on a stream. |
195 | /// |
196 | /// The domain is used for SNI and hostname verification if enabled. |
197 | pub fn connect<S>(self, domain: &str, stream: S) -> Result<SslStream<S>, HandshakeError<S>> |
198 | where |
199 | S: Read + Write, |
200 | { |
201 | self.into_ssl(domain)?.connect(stream) |
202 | } |
203 | } |
204 | |
205 | impl Deref for ConnectConfiguration { |
206 | type Target = SslRef; |
207 | |
208 | fn deref(&self) -> &SslRef { |
209 | &self.ssl |
210 | } |
211 | } |
212 | |
213 | impl DerefMut for ConnectConfiguration { |
214 | fn deref_mut(&mut self) -> &mut SslRef { |
215 | &mut self.ssl |
216 | } |
217 | } |
218 | |
219 | /// A type which wraps server-side streams in a TLS session. |
220 | /// |
221 | /// OpenSSL's default configuration is highly insecure. This connector manages the OpenSSL |
222 | /// structures, configuring cipher suites, session options, and more. |
223 | #[derive (Clone)] |
224 | pub struct SslAcceptor(SslContext); |
225 | |
226 | impl SslAcceptor { |
227 | /// Creates a new builder configured to connect to non-legacy clients. This should generally be |
228 | /// considered a reasonable default choice. |
229 | /// |
230 | /// This corresponds to the intermediate configuration of version 5 of Mozilla's server side TLS |
231 | /// recommendations. See its [documentation][docs] for more details on specifics. |
232 | /// |
233 | /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS |
234 | pub fn mozilla_intermediate_v5(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { |
235 | let mut ctx = ctx(method)?; |
236 | ctx.set_options(SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1); |
237 | let dh = Dh::params_from_pem(FFDHE_2048.as_bytes())?; |
238 | ctx.set_tmp_dh(&dh)?; |
239 | setup_curves(&mut ctx)?; |
240 | ctx.set_cipher_list( |
241 | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:\ |
242 | ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:\ |
243 | DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" |
244 | )?; |
245 | #[cfg (any(ossl111, libressl340))] |
246 | ctx.set_ciphersuites( |
247 | "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" , |
248 | )?; |
249 | Ok(SslAcceptorBuilder(ctx)) |
250 | } |
251 | |
252 | /// Creates a new builder configured to connect to modern clients. |
253 | /// |
254 | /// This corresponds to the modern configuration of version 5 of Mozilla's server side TLS recommendations. |
255 | /// See its [documentation][docs] for more details on specifics. |
256 | /// |
257 | /// Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer. |
258 | /// |
259 | /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS |
260 | #[cfg (any(ossl111, libressl340))] |
261 | pub fn mozilla_modern_v5(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { |
262 | let mut ctx = ctx(method)?; |
263 | ctx.set_min_proto_version(Some(SslVersion::TLS1_3))?; |
264 | ctx.set_ciphersuites( |
265 | "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" , |
266 | )?; |
267 | Ok(SslAcceptorBuilder(ctx)) |
268 | } |
269 | |
270 | /// Creates a new builder configured to connect to non-legacy clients. This should generally be |
271 | /// considered a reasonable default choice. |
272 | /// |
273 | /// This corresponds to the intermediate configuration of version 4 of Mozilla's server side TLS |
274 | /// recommendations. See its [documentation][docs] for more details on specifics. |
275 | /// |
276 | /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS |
277 | // FIXME remove in next major version |
278 | pub fn mozilla_intermediate(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { |
279 | let mut ctx = ctx(method)?; |
280 | ctx.set_options(SslOptions::CIPHER_SERVER_PREFERENCE); |
281 | #[cfg (any(ossl111, libressl340))] |
282 | ctx.set_options(SslOptions::NO_TLSV1_3); |
283 | let dh = Dh::params_from_pem(FFDHE_2048.as_bytes())?; |
284 | ctx.set_tmp_dh(&dh)?; |
285 | setup_curves(&mut ctx)?; |
286 | ctx.set_cipher_list( |
287 | "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:\ |
288 | ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:\ |
289 | DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:\ |
290 | ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:\ |
291 | ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:\ |
292 | DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:\ |
293 | EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:\ |
294 | AES256-SHA:DES-CBC3-SHA:!DSS" , |
295 | )?; |
296 | Ok(SslAcceptorBuilder(ctx)) |
297 | } |
298 | |
299 | /// Creates a new builder configured to connect to modern clients. |
300 | /// |
301 | /// This corresponds to the modern configuration of version 4 of Mozilla's server side TLS recommendations. |
302 | /// See its [documentation][docs] for more details on specifics. |
303 | /// |
304 | /// [docs]: https://wiki.mozilla.org/Security/Server_Side_TLS |
305 | // FIXME remove in next major version |
306 | pub fn mozilla_modern(method: SslMethod) -> Result<SslAcceptorBuilder, ErrorStack> { |
307 | let mut ctx = ctx(method)?; |
308 | ctx.set_options( |
309 | SslOptions::CIPHER_SERVER_PREFERENCE | SslOptions::NO_TLSV1 | SslOptions::NO_TLSV1_1, |
310 | ); |
311 | #[cfg (any(ossl111, libressl340))] |
312 | ctx.set_options(SslOptions::NO_TLSV1_3); |
313 | setup_curves(&mut ctx)?; |
314 | ctx.set_cipher_list( |
315 | "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:\ |
316 | ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\ |
317 | ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" , |
318 | )?; |
319 | Ok(SslAcceptorBuilder(ctx)) |
320 | } |
321 | |
322 | /// Initiates a server-side TLS session on a stream. |
323 | pub fn accept<S>(&self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> |
324 | where |
325 | S: Read + Write, |
326 | { |
327 | let ssl = Ssl::new(&self.0)?; |
328 | ssl.accept(stream) |
329 | } |
330 | |
331 | /// Consumes the `SslAcceptor`, returning the inner raw `SslContext`. |
332 | pub fn into_context(self) -> SslContext { |
333 | self.0 |
334 | } |
335 | |
336 | /// Returns a shared reference to the inner raw `SslContext`. |
337 | pub fn context(&self) -> &SslContextRef { |
338 | &self.0 |
339 | } |
340 | } |
341 | |
342 | /// A builder for `SslAcceptor`s. |
343 | pub struct SslAcceptorBuilder(SslContextBuilder); |
344 | |
345 | impl SslAcceptorBuilder { |
346 | /// Consumes the builder, returning a `SslAcceptor`. |
347 | pub fn build(self) -> SslAcceptor { |
348 | SslAcceptor(self.0.build()) |
349 | } |
350 | } |
351 | |
352 | impl Deref for SslAcceptorBuilder { |
353 | type Target = SslContextBuilder; |
354 | |
355 | fn deref(&self) -> &SslContextBuilder { |
356 | &self.0 |
357 | } |
358 | } |
359 | |
360 | impl DerefMut for SslAcceptorBuilder { |
361 | fn deref_mut(&mut self) -> &mut SslContextBuilder { |
362 | &mut self.0 |
363 | } |
364 | } |
365 | |
366 | cfg_if! { |
367 | if #[cfg(ossl110)] { |
368 | #[allow (clippy::unnecessary_wraps)] |
369 | fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> { |
370 | Ok(()) |
371 | } |
372 | } else if #[cfg(any(ossl102, libressl))] { |
373 | fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> { |
374 | ctx.set_ecdh_auto(true) |
375 | } |
376 | } else { |
377 | fn setup_curves(ctx: &mut SslContextBuilder) -> Result<(), ErrorStack> { |
378 | use crate::ec::EcKey; |
379 | use crate::nid::Nid; |
380 | |
381 | let curve = EcKey::from_curve_name(Nid::X9_62_PRIME256V1)?; |
382 | ctx.set_tmp_ecdh(&curve) |
383 | } |
384 | } |
385 | } |
386 | |
387 | cfg_if! { |
388 | if #[cfg(any(ossl102, libressl261))] { |
389 | fn setup_verify(ctx: &mut SslContextBuilder) { |
390 | ctx.set_verify(SslVerifyMode::PEER); |
391 | } |
392 | |
393 | fn setup_verify_hostname(ssl: &mut SslRef, domain: &str) -> Result<(), ErrorStack> { |
394 | use crate::x509::verify::X509CheckFlags; |
395 | |
396 | let param = ssl.param_mut(); |
397 | param.set_hostflags(X509CheckFlags::NO_PARTIAL_WILDCARDS); |
398 | match domain.parse() { |
399 | Ok(ip) => param.set_ip(ip), |
400 | Err(_) => param.set_host(domain), |
401 | } |
402 | } |
403 | } else { |
404 | fn setup_verify(ctx: &mut SslContextBuilder) { |
405 | ctx.set_verify_callback(SslVerifyMode::PEER, verify::verify_callback); |
406 | } |
407 | |
408 | fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> { |
409 | let domain = domain.to_string(); |
410 | let hostname_idx = verify::try_get_hostname_idx()?; |
411 | ssl.set_ex_data(*hostname_idx, domain); |
412 | Ok(()) |
413 | } |
414 | |
415 | mod verify { |
416 | use std::net::IpAddr; |
417 | use std::str; |
418 | use once_cell::sync::OnceCell; |
419 | |
420 | use crate::error::ErrorStack; |
421 | use crate::ex_data::Index; |
422 | use crate::nid::Nid; |
423 | use crate::ssl::Ssl; |
424 | use crate::stack::Stack; |
425 | use crate::x509::{ |
426 | GeneralName, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef, |
427 | X509VerifyResult, |
428 | }; |
429 | |
430 | static HOSTNAME_IDX: OnceCell<Index<Ssl, String>> = OnceCell::new(); |
431 | |
432 | pub fn try_get_hostname_idx() -> Result<&'static Index<Ssl, String>, ErrorStack> { |
433 | HOSTNAME_IDX.get_or_try_init(Ssl::new_ex_index) |
434 | } |
435 | |
436 | pub fn verify_callback(preverify_ok: bool, x509_ctx: &mut X509StoreContextRef) -> bool { |
437 | if !preverify_ok || x509_ctx.error_depth() != 0 { |
438 | return preverify_ok; |
439 | } |
440 | |
441 | let hostname_idx = |
442 | try_get_hostname_idx().expect("failed to initialize hostname index" ); |
443 | let ok = match ( |
444 | x509_ctx.current_cert(), |
445 | X509StoreContext::ssl_idx() |
446 | .ok() |
447 | .and_then(|idx| x509_ctx.ex_data(idx)) |
448 | .and_then(|ssl| ssl.ex_data(*hostname_idx)), |
449 | ) { |
450 | (Some(x509), Some(domain)) => verify_hostname(domain, &x509), |
451 | _ => true, |
452 | }; |
453 | |
454 | if !ok { |
455 | x509_ctx.set_error(X509VerifyResult::APPLICATION_VERIFICATION); |
456 | } |
457 | |
458 | ok |
459 | } |
460 | |
461 | fn verify_hostname(domain: &str, cert: &X509Ref) -> bool { |
462 | match cert.subject_alt_names() { |
463 | Some(names) => verify_subject_alt_names(domain, names), |
464 | None => verify_subject_name(domain, &cert.subject_name()), |
465 | } |
466 | } |
467 | |
468 | fn verify_subject_alt_names(domain: &str, names: Stack<GeneralName>) -> bool { |
469 | let ip = domain.parse(); |
470 | |
471 | for name in &names { |
472 | match ip { |
473 | Ok(ip) => { |
474 | if let Some(actual) = name.ipaddress() { |
475 | if matches_ip(&ip, actual) { |
476 | return true; |
477 | } |
478 | } |
479 | } |
480 | Err(_) => { |
481 | if let Some(pattern) = name.dnsname() { |
482 | if matches_dns(pattern, domain) { |
483 | return true; |
484 | } |
485 | } |
486 | } |
487 | } |
488 | } |
489 | |
490 | false |
491 | } |
492 | |
493 | fn verify_subject_name(domain: &str, subject_name: &X509NameRef) -> bool { |
494 | match subject_name.entries_by_nid(Nid::COMMONNAME).next() { |
495 | Some(pattern) => { |
496 | let pattern = match str::from_utf8(pattern.data().as_slice()) { |
497 | Ok(pattern) => pattern, |
498 | Err(_) => return false, |
499 | }; |
500 | |
501 | // Unlike SANs, IP addresses in the subject name don't have a |
502 | // different encoding. |
503 | match domain.parse::<IpAddr>() { |
504 | Ok(ip) => pattern |
505 | .parse::<IpAddr>() |
506 | .ok() |
507 | .map_or(false, |pattern| pattern == ip), |
508 | Err(_) => matches_dns(pattern, domain), |
509 | } |
510 | } |
511 | None => false, |
512 | } |
513 | } |
514 | |
515 | fn matches_dns(mut pattern: &str, mut hostname: &str) -> bool { |
516 | // first strip trailing . off of pattern and hostname to normalize |
517 | if pattern.ends_with('.' ) { |
518 | pattern = &pattern[..pattern.len() - 1]; |
519 | } |
520 | if hostname.ends_with('.' ) { |
521 | hostname = &hostname[..hostname.len() - 1]; |
522 | } |
523 | |
524 | matches_wildcard(pattern, hostname).unwrap_or_else(|| pattern.eq_ignore_ascii_case(hostname)) |
525 | } |
526 | |
527 | fn matches_wildcard(pattern: &str, hostname: &str) -> Option<bool> { |
528 | let wildcard_location = match pattern.find('*' ) { |
529 | Some(l) => l, |
530 | None => return None, |
531 | }; |
532 | |
533 | let mut dot_idxs = pattern.match_indices('.' ).map(|(l, _)| l); |
534 | let wildcard_end = match dot_idxs.next() { |
535 | Some(l) => l, |
536 | None => return None, |
537 | }; |
538 | |
539 | // Never match wildcards if the pattern has less than 2 '.'s (no *.com) |
540 | // |
541 | // This is a bit dubious, as it doesn't disallow other TLDs like *.co.uk. |
542 | // Chrome has a black- and white-list for this, but Firefox (via NSS) does |
543 | // the same thing we do here. |
544 | // |
545 | // The Public Suffix (https://www.publicsuffix.org/) list could |
546 | // potentially be used here, but it's both huge and updated frequently |
547 | // enough that management would be a PITA. |
548 | if dot_idxs.next().is_none() { |
549 | return None; |
550 | } |
551 | |
552 | // Wildcards can only be in the first component, and must be the entire first label |
553 | if wildcard_location != 0 || wildcard_end != wildcard_location + 1 { |
554 | return None; |
555 | } |
556 | |
557 | let hostname_label_end = match hostname.find('.' ) { |
558 | Some(l) => l, |
559 | None => return None, |
560 | }; |
561 | |
562 | let pattern_after_wildcard = &pattern[wildcard_end..]; |
563 | let hostname_after_wildcard = &hostname[hostname_label_end..]; |
564 | |
565 | Some(pattern_after_wildcard.eq_ignore_ascii_case(hostname_after_wildcard)) |
566 | } |
567 | |
568 | fn matches_ip(expected: &IpAddr, actual: &[u8]) -> bool { |
569 | match *expected { |
570 | IpAddr::V4(ref addr) => actual == addr.octets(), |
571 | IpAddr::V6(ref addr) => actual == addr.octets(), |
572 | } |
573 | } |
574 | |
575 | #[test ] |
576 | fn test_dns_match() { |
577 | use crate::ssl::connector::verify::matches_dns; |
578 | assert!(matches_dns("website.tld" , "website.tld" )); // A name should match itself. |
579 | assert!(matches_dns("website.tld" , "wEbSiTe.tLd" )); // DNS name matching ignores case of hostname. |
580 | assert!(matches_dns("wEbSiTe.TlD" , "website.tld" )); // DNS name matching ignores case of subject. |
581 | |
582 | assert!(matches_dns("xn--bcher-kva.tld" , "xn--bcher-kva.tld" )); // Likewise, nothing special to punycode names. |
583 | assert!(matches_dns("xn--bcher-kva.tld" , "xn--BcHer-Kva.tLd" )); // And punycode must be compared similarly case-insensitively. |
584 | |
585 | assert!(matches_dns("*.example.com" , "subdomain.example.com" )); // Wildcard matching works. |
586 | assert!(matches_dns("*.eXaMpLe.cOm" , "subdomain.example.com" )); // Wildcard matching ignores case of subject. |
587 | assert!(matches_dns("*.example.com" , "sUbDoMaIn.eXaMpLe.cOm" )); // Wildcard matching ignores case of hostname. |
588 | |
589 | assert!(!matches_dns("prefix*.example.com" , "p.example.com" )); // Prefix longer than the label works and does not match. |
590 | assert!(!matches_dns("*suffix.example.com" , "s.example.com" )); // Suffix longer than the label works and does not match. |
591 | |
592 | assert!(!matches_dns("prefix*.example.com" , "prefix.example.com" )); // Partial wildcards do not work. |
593 | assert!(!matches_dns("*suffix.example.com" , "suffix.example.com" )); // Partial wildcards do not work. |
594 | |
595 | assert!(!matches_dns("prefix*.example.com" , "prefixdomain.example.com" )); // Partial wildcards do not work. |
596 | assert!(!matches_dns("*suffix.example.com" , "domainsuffix.example.com" )); // Partial wildcards do not work. |
597 | |
598 | assert!(!matches_dns("xn--*.example.com" , "subdomain.example.com" )); // Punycode domains with wildcard parts do not match. |
599 | assert!(!matches_dns("xN--*.example.com" , "subdomain.example.com" )); // And we can't bypass a punycode test with weird casing. |
600 | assert!(!matches_dns("Xn--*.example.com" , "subdomain.example.com" )); // And we can't bypass a punycode test with weird casing. |
601 | assert!(!matches_dns("XN--*.example.com" , "subdomain.example.com" )); // And we can't bypass a punycode test with weird casing. |
602 | } |
603 | } |
604 | } |
605 | } |
606 | |