git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Support optional server certificate name checking. Bug 1479
[exim.git]
/
src
/
src
/
tlscert-gnu.c
diff --git
a/src/src/tlscert-gnu.c
b/src/src/tlscert-gnu.c
index 9b9c83d8b559f92e41e0fcd47abb4f5e32daa5a5..73763730257f989e3a03c926f8c7ddbf7b21738f 100644
(file)
--- a/
src/src/tlscert-gnu.c
+++ b/
src/src/tlscert-gnu.c
@@
-268,7
+268,7
@@
for(index = 0;; index++)
{
siz = 0;
switch(ret = gnutls_x509_crt_get_subject_alt_name(
{
siz = 0;
switch(ret = gnutls_x509_crt_get_subject_alt_name(
- (gnutls_x509_crt_t)cert, index, NULL, &siz, NULL))
+
(gnutls_x509_crt_t)cert, index, NULL, &siz, NULL))
{
case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
return list; /* no more elements; normal exit */
{
case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
return list; /* no more elements; normal exit */
@@
-286,7
+286,8
@@
for(index = 0;; index++)
return g_err("gs1", __FUNCTION__, ret);
ele[siz] = '\0';
return g_err("gs1", __FUNCTION__, ret);
ele[siz] = '\0';
- if (match != -1 && match != ret)
+ if ( match != -1 && match != ret /* wrong type of SAN */
+ || Ustrlen(ele) != siz) /* contains a NUL */
continue;
switch (ret)
{
continue;
switch (ret)
{