New check_credentials function, and the check_common_name function how handles the...

diff --git a/mnet/peer.php b/mnet/peer.php
index 46cf2808cd166739582cb61cd3f1b02b5cd56039..6731d3d534281ecdf7133663a9c3febccb7d913a 100644 (file)
--- a/mnet/peer.php
+++ b/mnet/peer.php
@@ -141,17 +141,32 @@ class mnet_peer {
     }
 
     function check_common_name($key) {
+        $credentials = $this->check_credentials($key);
+        return $credentials['validTo_time_t'];
+    }
+
+    function check_credentials($key) {
         $credentials = openssl_x509_parse($key);
         if ($credentials == false) {
             $this->error[] = array('code' => 3, 'text' => get_string("nonmatchingcert", 'mnet', array('','')));
             return false;
+        } elseif (array_key_exists('subjectAltName', $credentials['subject']) && $credentials['subject']['subjectAltName'] != $this->wwwroot) {
+            $a[] = $credentials['subject']['subjectAltName'];
+            $a[] = $this->wwwroot;
+            $this->error[] = array('code' => 5, 'text' => get_string("nonmatchingcert", 'mnet', $a));
+            return false;
         } elseif ($credentials['subject']['CN'] != $this->wwwroot) {
             $a[] = $credentials['subject']['CN'];
             $a[] = $this->wwwroot;
             $this->error[] = array('code' => 4, 'text' => get_string("nonmatchingcert", 'mnet', $a));
             return false;
         } else {
-            return $credentials['validTo_time_t'];
+            if (array_key_exists('subjectAltName', $credentials['subject'])) {
+                $credentials['wwwroot'] = $credentials['subject']['subjectAltName'];
+            } else {
+                $credentials['wwwroot'] = $credentials['subject']['CN'];
+            }
+            return $credentials;
         }
     }