slothg / as3crypto

Automatically exported from code.google.com/p/as3crypto
0 stars 0 forks source link

Wildcards not supported in tls #5

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. I'm using as3-stomp to connect to activemq at amq.mycompany.com
2. I replaced all the Socket references to TLSSocket within the as3-stomp source
3. Setup AMQ with a *.mycompany.com certificate
4. Try to connect to amq.mycompany.com

What is the expected output? What do you see instead?

Expected output would be a valid connection instead I get TLSEngine shutdown 
triggered by 
Error: Invalid common name: *.mycompany.com, expected amq.mycompany.com

What version of the product are you using? On what operating system?

Using 1.3 mac os x with firefox 3 using flash trace

Please provide any additional information below.

Line 694 of TLSEngine is where the exception originates. The issue is the 
direct string compare 
on line 691.  This should be improved to allow for wildcards.  I'm going to 
look at fixing this up, 
maybe with regex.  Not sure how to submit a patch.

Original issue reported on code.google.com by Crunchy...@gmail.com on 13 Oct 2008 at 9:34

Attachments:

GoogleCodeExporter commented 9 years ago
I have fixed the issue here is a diff.

Original comment by Crunchy...@gmail.com on 14 Oct 2008 at 4:30

Attachments:

GoogleCodeExporter commented 9 years ago
You unfortunately supplied the diff arguments the wrong way around, and so your 
patch
will not work (basically will undo from future revision). Attached is a modified
patch that should work.

Original comment by sweetlil...@gmail.com on 31 Oct 2008 at 9:44

Attachments:

GoogleCodeExporter commented 9 years ago
The original patch only supported domains 3 levels deep (aka flash.company.com 
with a *.company.com cert).  
This now supports arbitrarily deep levels (aka flash.dev.company.com with 
*.company.com cert).

Original comment by Crunchy...@gmail.com on 8 Jan 2009 at 7:50

Attachments:

GoogleCodeExporter commented 9 years ago
Actually that last patch is broken:
certArray[certArray.length] etc. is out of bounds.

something like this:

var firstCertName:String = firstCert.getCommonName().toLowerCase();
var otherCertName:String = _otherIdentity.toLowerCase();

var re:RegExp = new RegExp("^" + firstCertName.replace("*", ".*") + "$");
if (re.test(otherCertName))
{
...
}

should work.

Original comment by sweetlil...@gmail.com on 15 Mar 2011 at 5:37

GoogleCodeExporter commented 9 years ago
Thank you. This patch was very helpful.

Original comment by denis.vi...@gmail.com on 23 May 2013 at 10:49