| 653 | } |
| 654 | |
| 655 | bool tlsValidateCertificateName(tls_connection* conn){ |
| 656 | const char* cn = ""; |
| 657 | if (tlsCheckCertificateAgainstAllowlist(conn, g_pserver->tls_allowlist, &cn)) { |
| 658 | return true; |
| 659 | } else { |
| 660 | /* If neither the CN nor the SANs match, update the SSL error and return false */ |
| 661 | conn->c.last_errno = 0; |
| 662 | if (conn->ssl_error) zfree(conn->ssl_error); |
| 663 | size_t bufsize = 512; |
| 664 | conn->ssl_error = (char*)zmalloc(bufsize); |
| 665 | snprintf(conn->ssl_error, bufsize, "Client CN (%s) and SANs not found in allowlist.", cn); |
| 666 | return false; |
| 667 | } |
| 668 | } |
| 669 | |
| 670 | static connection *createTLSConnection(int client_side) { |
| 671 | SSL_CTX *ctx = redis_tls_ctx; |
no test coverage detected