tls: handle multiple CN fields when verifying cert

Fixes #3861.
nodejs · Aug 12, 2012 · 6b18e88 · 6b18e88
1 parent 4ef808e
commit 6b18e88
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/lib/tls.js b/lib/tls.js
@@ -154,7 +154,14 @@ function checkServerIdentity(host, cert) {
 
     // And only after check if hostname matches CN
     // (because CN is deprecated, but should be used for compatiblity anyway)
-    dnsNames.push(regexpify(cert.subject.CN, false));
+    var commonNames = cert.subject.CN;
+    if (Array.isArray(commonNames)) {
+      for (var i = 0, k = commonNames.length; i < k; ++i) {
+        dnsNames.push(regexpify(commonNames[i], false));
+      }
+    } else {
+      dnsNames.push(regexpify(commonNames, false));
+    }
 
     valid = dnsNames.some(function(re) {
       return re.test(host);

diff --git a/test/simple/test-tls-check-server-identity.js b/test/simple/test-tls-check-server-identity.js
@@ -34,6 +34,14 @@ var tests = [
   // No wildcards in CN
   { host: 'b.a.com', cert: { subject: { CN: '*.a.com' } }, result: false },
 
+  // Multiple CN fields
+  {
+    host: 'foo.com', cert: {
+      subject: { CN: ['foo.com', 'bar.com'] } // CN=foo.com; CN=bar.com;
+    },
+    result: true
+  },
+
   // DNS names and CN
   {
     host: 'a.com', cert: {