~rafael/gembro

29311277b3e9988f13296fa87bd865f08fe17e53 — RafaĆ«l L. Bekkema 3 years ago 3e9ae12
Change commonname cert fix
1 files changed, 15 insertions(+), 7 deletions(-)

M gemini/gemini.go
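--- a/gemini/gemini.go
+++ b/gemini/gemini.go
@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"io"
 	"log"
@@ -90,13 +91,8 @@ func (client *Client) LoadURL(ctx context.Context, surl url.URL, skipVerify bool
 		Config: &tls.Config{
 			InsecureSkipVerify: true,
 			VerifyConnection: func(state tls.ConnectionState) error {
-				cert := state.PeerCertificates[0]
-				// CommonName error workaround
-				if strings.Contains(cert.Subject.CommonName, ".") {
-					cert.DNSNames = append(cert.DNSNames, cert.Subject.CommonName)
-					cert.Subject.CommonName = ""
-				}
-				err := cert.VerifyHostname(surl.Hostname())
+				fixCert(state.PeerCertificates[0])
+				err := state.PeerCertificates[0].VerifyHostname(surl.Hostname())
 				if err != nil {
 					return err
 				}
@@ -177,3 +173,15 @@ func ParseLink(line string) (*Link, error) {
 		Name: strings.TrimSpace(chars[idx:]),
 	}, nil
 }
+
+func fixCert(cert *x509.Certificate) {
+	if !strings.Contains(cert.Subject.CommonName, ".") {
+		return
+	}
+	for _, item := range cert.DNSNames {
+		if item == cert.Subject.CommonName {
+			return
+		}
+	}
+	cert.DNSNames = append(cert.DNSNames, cert.Subject.CommonName)
+}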
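Review bot: fixCert appends the Subject CommonName to DNSNames even when the certificate already carries subject alternative names, so VerifyHostname will accept a name the SAN list does not contain. With `InsecureSkipVerify: true`, this hostname check is the only validation visible in the LoadURL hunk, whose body continues outside it; any chain or pinning check would have to happen further down. The CommonName fallback should apply only to certificates with no SANs at all, for example by starting fixCert with `if len(cert.DNSNames) > 0 || len(cert.IPAddresses) > 0 { return }`, which would also make the duplicate-scan loop unnecessary. fixCert also deserves a doc comment saying that it mutates the parsed peer certificate in place and why the fallback exists, such as `// fixCert adds a hostname-like Subject CommonName to cert.DNSNames so VerifyHostname accepts legacy certificates without SANs; it modifies cert in place.`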