Exemple #1
        /// <summary>
        /// Calls the native <c>AppleCryptoNative_SslIsHostnameMatch</c> routine to decide whether
        /// <paramref name="hostName"/> is an acceptable match for the session behind <paramref name="handle"/>.
        /// </summary>
        /// <param name="handle">SSL handle forwarded unchanged to the native call.</param>
        /// <param name="hostName">
        /// Host name to check. It is converted to its ASCII (punycode) form with <c>s_idnMapping</c>
        /// before it is handed to the native side.
        /// </param>
        /// <param name="notBefore">
        /// Date wrapped in a CFDate and forwarded to the native call.
        /// NOTE(review): how the native routine uses this date is not visible here; confirm against the shim.
        /// </param>
        /// <returns><c>true</c> when the native call reports 1, <c>false</c> when it reports 0.</returns>
        /// <exception cref="SslException">
        /// The native call reported anything other than 0 or 1. The check fails closed: an
        /// unexpected status is never treated as a match.
        /// </exception>
        public static bool SslCheckHostnameMatch(SafeSslHandle handle, string hostName, DateTime notBefore)
        {
            // IdnMapping turns Unicode input into its IDNA punycode sequence and also normalizes
            // host case. A bypass for names made only of [a-z0-9.-]+ would be possible.
            //
            // The SSL policy (SecPolicyCreateSSL) was verified as not inherently supporting IDNA
            // as of macOS 10.12.1 (Sierra); if it gains low-level IDNA support later, this
            // conversion could be removed.
            //
            // Case-invariant matching was verified as supported as of 10.12.1 (Sierra).
            //
            // NOTE(review): the conversion runs before any native handle is created, so a name
            // the mapping rejects surfaces as an exception from GetAscii rather than as a
            // "no match" result.
            string asciiHostName = s_idnMapping.GetAscii(hostName);
            int matchStatus;

            // Both CoreFoundation wrappers are released as soon as the native call returns.
            using (SafeCFDateHandle notBeforeDate = CoreFoundation.CFDateCreate(notBefore))
            using (SafeCreateHandle hostNameString = CoreFoundation.CFStringCreateWithCString(asciiHostName))
            {
                matchStatus = AppleCryptoNative_SslIsHostnameMatch(handle, hostNameString, notBeforeDate);
            }

            if (matchStatus == 1)
            {
                return true;
            }

            if (matchStatus == 0)
            {
                return false;
            }

            // Any other status is unexpected: assert in debug builds and refuse the match.
            Debug.Fail($"AppleCryptoNative_SslIsHostnameMatch returned {matchStatus}");
            throw new SslException();
        }