Fix hostname validation with an IPv4 SAN

Go can use 16 bytes to store an IPv4 address in a net.IP so it needs to be converted to a 4-byte representation first.

Fix hostname validation with an IPv4 SAN
Go can use 16 bytes to store an IPv4 address in a net.IP so it needs to be converted to a 4-byte representation first.
85c7f475 · Andrew Harding · 2df7e681 · 85c7f475
Commit 85c7f475 authored Apr 17, 2018 by Andrew Harding
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

hostname.go hostname.go +6 -0

No files found.
--- a/hostname.go
+++ b/hostname.go
@@ -95,6 +95,12 @@ func (c *Certificate) CheckEmail(email string, flags CheckFlags) error {
 // Specifically returns ValidationError if the Certificate didn't match but
 // there was no internal error.
 func (c *Certificate) CheckIP(ip net.IP, flags CheckFlags) error {
+	// X509_check_ip will fail to validate the 16-byte representation of an IPv4
+	// address, so convert to the 4-byte representation.
+	if ip4 := ip.To4(); ip4 != nil {
+		ip = ip4
+	}
+
 	cip := unsafe.Pointer(&ip[0])
 	rv := C.X509_check_ip(c.x, (*C.uchar)(cip), C.size_t(len(ip)),
 		C.uint(flags))