New check_credentials function, and the check_common_name function ho…

…w handles the subjectAltName type. MDL-11020, MDL-10326
sbourget · Oct 16, 2007 · 00d3c66 · 00d3c66
1 parent 3e2dd3f
commit 00d3c66
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/mnet/peer.php b/mnet/peer.php
@@ -141,17 +141,32 @@ function delete_all_sessions() {
     }
 
     function check_common_name($key) {
+        $credentials = $this->check_credentials($key);
+        return $credentials['validTo_time_t'];
+    }
+
+    function check_credentials($key) {
         $credentials = openssl_x509_parse($key);
         if ($credentials == false) {
             $this->error[] = array('code' => 3, 'text' => get_string("nonmatchingcert", 'mnet', array('','')));
             return false;
+        } elseif (array_key_exists('subjectAltName', $credentials['subject']) && $credentials['subject']['subjectAltName'] != $this->wwwroot) {
+            $a[] = $credentials['subject']['subjectAltName'];
+            $a[] = $this->wwwroot;
+            $this->error[] = array('code' => 5, 'text' => get_string("nonmatchingcert", 'mnet', $a));
+            return false;
         } elseif ($credentials['subject']['CN'] != $this->wwwroot) {
             $a[] = $credentials['subject']['CN'];
             $a[] = $this->wwwroot;
             $this->error[] = array('code' => 4, 'text' => get_string("nonmatchingcert", 'mnet', $a));
             return false;
         } else {
-            return $credentials['validTo_time_t'];
+            if (array_key_exists('subjectAltName', $credentials['subject'])) {
+                $credentials['wwwroot'] = $credentials['subject']['subjectAltName'];
+            } else {
+                $credentials['wwwroot'] = $credentials['subject']['CN'];
+            }
+            return $credentials;
         }
     }