basegfx/inc/basegfx/tools/b2dclipstate.hxx | 2 extras/source/autotext/lang/en-US/acor_en-US.dat |binary framework/inc/uielement/genericstatusbarcontroller.hxx | 2 sw/source/core/access/accpara.hxx | 2 ucb/source/ucp/webdav/SerfSession.cxx | 44 +++++++++++++++-- ucb/source/ucp/webdav/SerfTypes.hxx | 2 ucb/source/ucp/webdav/SerfUri.hxx | 2 uui/source/iahndl-ssl.cxx | 5 + 8 files changed, 48 insertions(+), 11 deletions(-)
New commits: commit 17e2f9c3d2eb0d3b7f559055327d37171db01c2f Author: Tsutomu Uchino <[email protected]> Date: Tue Jan 21 16:36:08 2014 +0000 #i124067# remove naive entry from auto correct list for en-US diff --git a/extras/source/autotext/lang/en-US/acor_en-US.dat b/extras/source/autotext/lang/en-US/acor_en-US.dat index d4e9a3d..681f362 100644 Binary files a/extras/source/autotext/lang/en-US/acor_en-US.dat and b/extras/source/autotext/lang/en-US/acor_en-US.dat differ commit 226085ad2004319c5142b392bb4b48ab79c3b747 Author: Oliver-Rainer Wittmann <[email protected]> Date: Tue Jan 21 16:32:58 2014 +0000 123744: method <SerfSession::verifySerfCertificateChain(..)> - consider certificate's Subject Alternative Name field when searching for matching certificate host name diff --git a/ucb/source/ucp/webdav/SerfSession.cxx b/ucb/source/ucp/webdav/SerfSession.cxx index dc08678..a5354eb 100644 --- a/ucb/source/ucp/webdav/SerfSession.cxx +++ b/ucb/source/ucp/webdav/SerfSession.cxx @@ -30,7 +30,7 @@ #include "ucbhelper/simplecertificatevalidationrequest.hxx" #include "AprEnv.hxx" -#include <apr_strings.h> +#include <apr/apr_strings.h> #include "DAVAuthListener.hxx" #include "SerfTypes.hxx" @@ -47,6 +47,10 @@ #include <com/sun/star/security/CertificateContainerStatus.hpp> #include <com/sun/star/security/CertificateContainer.hpp> #include <com/sun/star/security/XCertificateContainer.hpp> +#include <com/sun/star/security/CertAltNameEntry.hpp> +#include <com/sun/star/security/XSanExtension.hpp> +#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17" + #include <com/sun/star/ucb/Lock.hpp> #include <com/sun/star/xml/crypto/XSEInitializer.hpp> @@ -479,7 +483,40 @@ apr_status_t SerfSession::verifySerfCertificateChain ( // When the certificate matches the host name then we can use the // result of the verification. - if (isDomainMatch(sServerCertificateSubject)) + bool bHostnameMatchesCertHostnames = false; + { + uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xServerCertificate->getExtensions(); + uno::Sequence< security::CertAltNameEntry > altNames; + for (sal_Int32 i = 0 ; i < extensions.getLength(); ++i) + { + uno::Reference< security::XCertificateExtension >element = extensions[i]; + + const rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength()); + if ( aId.equals( OID_SUBJECT_ALTERNATIVE_NAME ) ) + { + uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY ); + altNames = sanExtension->getAlternativeNames(); + break; + } + } + + uno::Sequence< ::rtl::OUString > certHostNames(altNames.getLength() + 1); + certHostNames[0] = sServerCertificateSubject; + for( int n = 0; n < altNames.getLength(); ++n ) + { + if (altNames[n].Type == security::ExtAltNameType_DNS_NAME) + { + altNames[n].Value >>= certHostNames[n+1]; + } + } + + for ( int i = 0; i < certHostNames.getLength() && !bHostnameMatchesCertHostnames; ++i ) + { + bHostnameMatchesCertHostnames = isDomainMatch( certHostNames[i] ); + } + + } + if ( bHostnameMatchesCertHostnames ) { if (nVerificationResult == 0) @@ -526,8 +563,7 @@ apr_status_t SerfSession::verifySerfCertificateChain ( if ( xSelection.is() ) { - uno::Reference< task::XInteractionApprove > xApprove( - xSelection.get(), uno::UNO_QUERY ); + uno::Reference< task::XInteractionApprove > xApprove( xSelection.get(), uno::UNO_QUERY ); if ( xApprove.is() ) { xCertificateContainer->addCertificate( getHostName(), sServerCertificateSubject, sal_True ); diff --git a/ucb/source/ucp/webdav/SerfTypes.hxx b/ucb/source/ucp/webdav/SerfTypes.hxx index d525d6b..23d8bee 100644 --- a/ucb/source/ucp/webdav/SerfTypes.hxx +++ b/ucb/source/ucp/webdav/SerfTypes.hxx @@ -24,7 +24,7 @@ #ifndef INCLUDED_SERFTYPES_HXX #define INCLUDED_SERFTYPES_HXX -#include <serf.h> +#include <serf/serf.h> typedef serf_connection_t SerfConnection; diff --git a/ucb/source/ucp/webdav/SerfUri.hxx b/ucb/source/ucp/webdav/SerfUri.hxx index d6844a1..8bd45de 100644 --- a/ucb/source/ucp/webdav/SerfUri.hxx +++ b/ucb/source/ucp/webdav/SerfUri.hxx @@ -23,7 +23,7 @@ #ifndef INCLUDED_SERFURI_HXX #define INCLUDED_SERFURI_HXX -#include <apr_uri.h> +#include <apr-util/apr_uri.h> #include <rtl/ustring.hxx> #include "DAVException.hxx" commit 117218483797c0aeedef9b68bdae96a727cb3426 Author: Oliver-Rainer Wittmann <[email protected]> Date: Tue Jan 21 16:17:39 2014 +0000 123744: method <handleCertificateValidationRequest_(..)> - correct consideration of Subject Alternative Name field of the given certificate diff --git a/uui/source/iahndl-ssl.cxx b/uui/source/iahndl-ssl.cxx index 36dd667..0b5119b 100644 --- a/uui/source/iahndl-ssl.cxx +++ b/uui/source/iahndl-ssl.cxx @@ -308,9 +308,10 @@ handleCertificateValidationRequest_( certHostNames[0] = certHostName; - for(int n = 1; n < altNames.getLength(); n++){ + for(int n = 0; n < altNames.getLength(); ++n) + { if (altNames[n].Type == security::ExtAltNameType_DNS_NAME){ - altNames[n].Value >>= certHostNames[n]; + altNames[n].Value >>= certHostNames[n+1]; } } commit 3552c7f9561f43024ca32f50e4bf63b31233b03c Author: Herbert Dürr <[email protected]> Date: Tue Jan 21 16:10:06 2014 +0000 #i123948# fix more class/struct mismatches fix forward declarations that don't match the actual definitions diff --git a/basegfx/inc/basegfx/tools/b2dclipstate.hxx b/basegfx/inc/basegfx/tools/b2dclipstate.hxx index 3db9738..d631d5d 100644 --- a/basegfx/inc/basegfx/tools/b2dclipstate.hxx +++ b/basegfx/inc/basegfx/tools/b2dclipstate.hxx @@ -38,7 +38,7 @@ namespace basegfx namespace tools { - class ImplB2DClipState; + struct ImplB2DClipState; /** This class provides an optimized, symbolic clip state for graphical output diff --git a/framework/inc/uielement/genericstatusbarcontroller.hxx b/framework/inc/uielement/genericstatusbarcontroller.hxx index 34093ed..e3b0159 100644 --- a/framework/inc/uielement/genericstatusbarcontroller.hxx +++ b/framework/inc/uielement/genericstatusbarcontroller.hxx @@ -29,7 +29,7 @@ namespace framework { -class AddonStatusbarItemData; +struct AddonStatusbarItemData; class GenericStatusbarController : public svt::StatusbarController { diff --git a/sw/source/core/access/accpara.hxx b/sw/source/core/access/accpara.hxx index 4e5bd51..fcafae7 100644 --- a/sw/source/core/access/accpara.hxx +++ b/sw/source/core/access/accpara.hxx @@ -55,7 +55,7 @@ namespace rtl { class OUString; } namespace com { namespace sun { namespace star { namespace i18n { struct Boundary; } namespace accessibility { class XAccessibleHyperlink; } - namespace style { class TabStop; } + namespace style { struct TabStop; } } } } typedef ::std::hash_map< ::rtl::OUString,
_______________________________________________ Libreoffice-commits mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
