Add ability to check if hostname is valid for a specific cert

This commit adds two new bifs, x509_check_hostname and x509_check_cert_hostname. These bifs can be used to check if a given hostname which can, e.g., be sent in a SNI is valid for a specific certificate. This PR furthermore modifies the ssl logs again, and adds information about this to the log-file. Furthermore we now by default remove the server certificate information from ssl.log - I doubt that this is often looked at, it is not present in TLS 1.3, we do still have the SNI, and if you need it you have the information in x509.log. This also fixes a small potential problem in X509.cc assuming there might be SAN-entries that contain null-bytes. Baseline update will follow in another commit.
2025-10-07 09:08:20 +00:00 · 2021-06-29 14:56:43 +01:00 · 2021-06-29 14:56:43 +01:00 · 833168090a
commit 833168090a
parent 5479ce607a
9 changed files with 341 additions and 4 deletions
--- a/src/Val.cc
+++ b/src/Val.cc
@ -986,6 +986,12 @@ string StringVal::ToStdString() const
 	return string((char*)bs->Bytes(), bs->Len());
 	}

+string_view StringVal::ToStdStringView() const
+	{
+	auto* bs = AsString();
+	return string_view((char*)bs->Bytes(), bs->Len());
+	}
+
 StringVal* StringVal::ToUpper()
 	{
 	string_val->ToUpper();