xCAT/xNBA
2
0
Fork 0
mirror of https://github.com/xcat2/xNBA.git synced 2024-11-22 09:31:51 +00:00
Code Issues Projects Releases Wiki Activity

Fix assertion failure on certs without subjectAltName

Browse Source 
While the patch had been done to correctly indicate presence,
it still hit assertions.
This commit is contained in:
Jarrod Johnson 2014-03-24 15:38:07 -04:00
parent e4a9069fe7
commit e217322f39
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/net/tls.c
View File

@ -2445,14 +2445,15 @@ static int tls_validator_name( struct tls_session *tls, struct x509_certificate
if ( ( cert->subject.name == NULL ) && ( !cert->extensions.subject_alt_name.present ) ) {
return -1;
}
struct x509_san_link* link;
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
/* If the name matches, return 0, otherwise, continue */
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
return 0;
if ( cert->extensions.subject_alt_name.present ) {
struct x509_san_link* link;
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
/* If the name matches, return 0, otherwise, continue */
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
return 0;
}
}
}
if ( !cert->extensions.subject_alt_name.present ) {
} else {
return dns_wildcard_matcher ( tls->name, cert->subject.name );
}
return -1;