From 67b7a2d0ea8264fcf9e859668d170be8fdf87172 Mon Sep 17 00:00:00 2001
From: Nathan Fisher
Date: Fri, 18 Aug 2023 19:06:38 -0400
Subject: [PATCH] Client cert verifier: return error if name does not match
---
 src/connection/verifier.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/connection/verifier.rs b/src/connection/verifier.rs
index b7c15f5..d466d2e 100644
--- a/src/connection/verifier.rs
+++ b/src/connection/verifier.rs
@@ -1,6 +1,9 @@
 use crate::{fingerprint::GetFingerprint, mailuser::Mailuser};
 use rustls::server::{ClientCertVerified, ClientCertVerifier};
-use std::{sync::{Arc, Mutex}, io::Read};
+use std::{
+ io::Read,
+ sync::{Arc, Mutex},
+};
 use x509_parser::prelude::*;
 
 #[derive(Debug)]
@@ -40,6 +43,11 @@ impl ClientCertVerifier for Verifier {
 name_match = name == user.to_string();
 }
 });
+ if !name_match {
+ return Err(rustls::Error::InvalidCertificate(
+ rustls::CertificateError::NotValidForName,
+ ));
+ }
 }
 }
 todo!()
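Review bot: The new `if !name_match` rejection sits inside the two nested blocks that close right after it, so it only runs when those outer conditions hold; on any other path (presumably a certificate that fails to parse or carries no usable name, though the conditions are outside the hunk) control falls through to `todo!()` without a name check. That is a panic today, and once `todo!()` becomes the accepting return it would accept the certificate with the name never compared. Moving the check below the outer blocks, with `name_match` initialised to `false` at function scope, makes the verifier fail closed. Separately, the context line `name_match = name == user.to_string();` assigns rather than accumulates, so if the closure runs for more than one name entry the last entry decides; `name_match |= name == user.to_string();` would keep an earlier match. The function body starts above the hunk, so where `name_match` is declared and what the enclosing conditions test cannot be confirmed from here.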