
Bug #3733 » certmanager_san_wildcard_hostname.patch

Daniel Schultheis, 06/11/2015 09:07 AM


etc/inc/util.inc
838 838
}
839 839

  
840 840
/* returns true if $hostname is a valid hostname, with or without being a fully-qualified domain name. */
841
function is_hostname($hostname) {
841
function is_hostname($hostname, $allow_wildcard=false) {
842 842
	if (!is_string($hostname)) {
843 843
		return false;
844 844
	}
845 845

  
846
	if (is_domain($hostname)) {
846
	if (is_domain($hostname, $allow_wildcard)) {
847 847
		if ((substr_count($hostname, ".") == 1) && ($hostname[strlen($hostname)-1] == ".")) {
848 848
			/* Only a single dot at the end like "test." - hosts cannot be directly in the root domain. */
849 849
			return false;
......
856 856
}
857 857

  
858 858
/* returns true if $domain is a valid domain name */
859
function is_domain($domain) {
859
function is_domain($domain, $allow_wildcard=false) {
860 860
	if (!is_string($domain)) {
861 861
		return false;
862 862
	}
863 863

  
864
	if (preg_match('/^(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9\.])$/i', $domain)) {
864
	$domain_regex = ($allow_wildcard) ? '/^(?:(?:[a-z_0-9\*]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9\.])$/i' : '/^(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9\.])$/i';
865

  
866
	if (preg_match($domain_regex, $domain)) {
865 867
		return true;
866 868
	} else {
867 869
		return false;
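Review bot: The wildcard pattern on new line 864 of is_domain() adds `\*` to the single-character label class inside the repeated group, so `*` is accepted as any non-final label rather than only the leftmost one; names such as `a.*.example.com` or `*.*.example.com` pass when `$allow_wildcard` is true. Because system_certmanager.php now calls `is_hostname($altname['value'], true)` for DNS subjectAltName entries, such values would pass validation there, even though wildcard matching in certificates is only defined for the leftmost label (RFC 6125 section 6.4.3). Consider keeping the strict expression once in a local (called `$strict_body` here as a placeholder) and building the wildcard form with an optional prefix, `$domain_regex = '/^' . ($allow_wildcard ? '(?:\*\.)?' : '') . $strict_body . '$/i';`, which also avoids keeping two copies of the long pattern in sync. The bodies of is_hostname() and is_domain() continue outside the visible hunks, so any later checks there are not covered by this note.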
usr/local/www/system_certmanager.php
285 285
			foreach ($altnames as $idx => $altname) {
286 286
				switch ($altname['type']) {
287 287
					case "DNS":
288
						if (!is_hostname($altname['value'])) {
289
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames or FQDNs");
288
						if (!is_hostname($altname['value'], true)) {
289
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames, FQDNs or wildcard domains.");
290 290
						}
291 291
						break;
292 292
					case "IP":