GmCerts: Relaxed domain verification

Allow a certificate for a higher-level domain to be verified against any subdomains, i.e., implicitly assume every certificate uses wildcards. CA verification is still done separately, and OpenSSL does that strictly as before.
author: Jaakko Keränen <jaakko.keranen@iki.fi> 2021-03-26 11:14:57 +0200
committer: Jaakko Keränen <jaakko.keranen@iki.fi> 2021-03-26 11:14:57 +0200
commit: 1e5dfdc840824723dfa142707aca1f0fca4c0056 (patch)
tree: 1b2c10b7529381754383e7f0140971f26557263a /src/gmcerts.h
parent: 2740b24b1ff0c6c5363303fcc35028d471c1ce0e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/gmcerts.h b/src/gmcerts.h
index a28c050e..a9859845 100644
--- a/src/gmcerts.h
+++ b/src/gmcerts.h
@@ -95,3 +95,5 @@ const iPtrArray *   listIdentities_GmCerts  (const iGmCerts *, iGmCertsIdentityF
 void                signIn_GmCerts          (iGmCerts *, iGmIdentity *identity, const iString *url);
 void                signOut_GmCerts         (iGmCerts *, const iString *url);
+iBool               verifyDomain_GmCerts    (const iTlsCertificate *cert, iRangecc domain);
author	Jaakko Keränen <jaakko.keranen@iki.fi>	2021-03-26 11:14:57 +0200
committer	Jaakko Keränen <jaakko.keranen@iki.fi>	2021-03-26 11:14:57 +0200
commit	1e5dfdc840824723dfa142707aca1f0fca4c0056 (patch)
tree	1b2c10b7529381754383e7f0140971f26557263a /src/gmcerts.h
parent	2740b24b1ff0c6c5363303fcc35028d471c1ce0e (diff)

diff --git a/src/gmcerts.h b/src/gmcerts.h index a28c050e..a9859845 100644 --- a/src/gmcerts.h +++ b/src/gmcerts.h
@@ -95,3 +95,5 @@ const iPtrArray * listIdentities_GmCerts (const iGmCerts *, iGmCertsIdentityF
95		95
96	void signIn_GmCerts (iGmCerts , iGmIdentity identity, const iString *url);	96	void signIn_GmCerts (iGmCerts , iGmIdentity identity, const iString *url);
97	void signOut_GmCerts (iGmCerts , const iString url);	97	void signOut_GmCerts (iGmCerts , const iString url);
		98
		99	iBool verifyDomain_GmCerts (const iTlsCertificate *cert, iRangecc domain);