
Commit 4143e95

committed
Pass Cert directly to name verification functions
1 parent 5581187 commit 4143e95


3 files changed

+9
-21
lines changed


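--- a/src/end_entity.rs
+++ b/src/end_entity.rs
@@ -20,7 +20,7 @@ use pki_types::{
 
 use crate::crl::RevocationOptions;
 use crate::error::Error;
-use crate::subject_name::{verify_dns_names, verify_ip_address_names, NameIterator};
+use crate::subject_name::{verify_dns_names, verify_ip_address_names};
 use crate::verify_cert::{self, KeyUsage, VerifiedPath};
 use crate::{cert, signed_data};
 
@@ -125,16 +125,10 @@ impl EndEntityCert<'_> {
 server_name: &ServerName<'_>,
 ) -> Result<(), Error> {
 match server_name {
-ServerName::DnsName(dns_name) => verify_dns_names(
-dns_name,
-NameIterator::new(Some(self.inner.subject), self.inner.subject_alt_name),
-),
+ServerName::DnsName(dns_name) => verify_dns_names(dns_name, &self.inner),
 // IP addresses are not compared against the subject field;
 // only against Subject Alternative Names.
-ServerName::IpAddress(ip_address) => verify_ip_address_names(
-ip_address,
-NameIterator::new(None, self.inner.subject_alt_name),
-),
+ServerName::IpAddress(ip_address) => verify_ip_address_names(ip_address, &self.inner),
 _ => Err(Error::UnsupportedNameType),
 }
 }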
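Review bot: The comment kept at new lines 129-130 ("IP addresses are not compared against the subject field; only against Subject Alternative Names") now describes a decision this call site no longer makes. The `None` that enforces it has moved to `NameIterator::new(None, cert.subject_alt_name)` in src/subject_name/ip_address.rs, which carries no comment. Someone editing that function later has nothing nearby saying the subject is excluded on purpose, and this call site would still read as correct if it were changed. I would move the comment there, or repeat it as `// Only Subject Alternative Names are consulted for IP addresses; the subject field is deliberately excluded.` directly above the `NameIterator::new` call. The method's signature starts above this hunk, so its name and doc comment are not visible here.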

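--- a/src/subject_name/dns_name.rs
+++ b/src/subject_name/dns_name.rs
@@ -17,14 +17,11 @@ use core::fmt::Write;
 use pki_types::{DnsName, InvalidDnsNameError};
 
 use super::verify::{GeneralName, NameIterator};
-use crate::Error;
+use crate::{Cert, Error};
 
-pub(crate) fn verify_dns_names(
-reference: &DnsName<'_>,
-mut names: NameIterator<'_>,
-) -> Result<(), Error> {
+pub(crate) fn verify_dns_names(reference: &DnsName<'_>, cert: &Cert<'_>) -> Result<(), Error> {
 let dns_name = untrusted::Input::from(reference.as_ref().as_bytes());
-names
+NameIterator::new(Some(cert.subject), cert.subject_alt_name)
 .find_map(|result| {
 let name = match result {
 Ok(name) => name,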
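Review bot: `NameIterator::new(Some(cert.subject), cert.subject_alt_name)` at new line 24 feeds the certificate subject into the names considered for a DNS reference, with no comment saying why, while the IP path passes `None` and has its reason documented. The closure body continues past the end of this hunk, so whether a subject-derived entry can ever satisfy a DNS match is not visible here. If it cannot, passing `None` would state the intent directly and make it impossible for a later change to the match arms to start accepting subject-field names. If it can, a comment should say that this is deliberate. Now that the function receives the whole `&Cert<'_>`, a doc comment on `verify_dns_names` listing which certificate fields it reads would also make the trust decision reviewable from the signature alone.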

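--- a/src/subject_name/ip_address.rs
+++ b/src/subject_name/ip_address.rs
@@ -15,18 +15,15 @@
 use pki_types::IpAddr;
 
 use super::verify::{GeneralName, NameIterator};
-use crate::Error;
+use crate::{Cert, Error};
 
-pub(crate) fn verify_ip_address_names(
-reference: &IpAddr,
-mut names: NameIterator<'_>,
-) -> Result<(), Error> {
+pub(crate) fn verify_ip_address_names(reference: &IpAddr, cert: &Cert<'_>) -> Result<(), Error> {
 let ip_address = match reference {
 IpAddr::V4(ip) => untrusted::Input::from(ip.as_ref()),
 IpAddr::V6(ip) => untrusted::Input::from(ip.as_ref()),
 };
 
-names
+NameIterator::new(None, cert.subject_alt_name)
 .find_map(|result| {
 let name = match result {
 Ok(name) => name,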
