Client cert verifier: return error if name does not match

2023-08-18 19:06:38 -04:00 · 2023-08-18 19:06:38 -04:00 · 67b7a2d0ea
commit 67b7a2d0ea
parent 8cc3c13389
1 changed files with 9 additions and 1 deletions
--- a/src/connection/verifier.rs
+++ b/src/connection/verifier.rs
@ -1,6 +1,9 @@
 use crate::{fingerprint::GetFingerprint, mailuser::Mailuser};
 use rustls::server::{ClientCertVerified, ClientCertVerifier};
-use std::{sync::{Arc, Mutex}, io::Read};
+use std::{
+    io::Read,
+    sync::{Arc, Mutex},
+};
 use x509_parser::prelude::*;

 #[derive(Debug)]
@ -40,6 +43,11 @@ impl<S: FingerPrintStore> ClientCertVerifier for Verifier<S> {
                        name_match = name == user.to_string();
                    }
                });
+                if !name_match {
+                    return Err(rustls::Error::InvalidCertificate(
+                        rustls::CertificateError::NotValidForName,
+                    ));
+                }
            }
        }
        todo!()