wget/wget-nullcerts.patch

--- src/openssl.c
+++ src/openssl.c
@@ -481,6 +481,7 @@
 {
   X509 *cert;
   char common_name[256];
+  int len1, len2;
   long vresult;
   bool success = true;
 
@@ -562,9 +563,34 @@
        UTF-8 which can be meaningfully compared to HOST.  */
 
   common_name[0] = '\0';
-  X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
-                             NID_commonName, common_name, sizeof (common_name));
-  if (!pattern_match (common_name, host))
+  len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
+				    NID_commonName, NULL, 0);
+  len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
+				    NID_commonName, common_name,
+				    sizeof(common_name));
+  if (len1 < 0 || len2 < 0)
+    {
+      logprintf (LOG_NOTQUIET, _("\
+%s: certificate has no common name.\n"),
+                 severity);
+      success = false;
+    }
+  if (len1 != len2)
+    {
+      logprintf (LOG_NOTQUIET, _("\
+%s: certificate common name is %d bytes long, maximum allowed is %d.\n"),
+                 severity, len1, sizeof(common_name)-1);
+      success = false;
+    }
+  else if (len2 != strlen(common_name))
+    {
+      logprintf (LOG_NOTQUIET, _("\
+%s: certificate common name contains a NULL character: '%s\\0%s'.\n"),
+                 severity, escnonprint (common_name),
+		 escnonprint (common_name + strlen(common_name)+1));
+      success = false;
+    }
+  else if (!pattern_match (common_name, host))
     {
       logprintf (LOG_NOTQUIET, _("\
 %s: certificate common name `%s' doesn't match requested host name `%s'.\n"),
Accepting request 26763 from home:jengelh:branches:network:utilities Copy from home:jengelh:branches:network:utilities/wget via accept of submit request 26763 revision 2. Request was accepted with message: thx OBS-URL: https://build.opensuse.org/request/show/26763 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=5 2009-12-21 21:18:42 +01:00			`--- src/openssl.c`
			`+++ src/openssl.c`
			`@@ -481,6 +481,7 @@`
			`{`
			`X509 *cert;`
			`char common_name[256];`
			`+ int len1, len2;`
			`long vresult;`
			`bool success = true;`

			`@@ -562,9 +563,34 @@`
			`UTF-8 which can be meaningfully compared to HOST. */`

			`common_name[0] = '\0';`
			`- X509_NAME_get_text_by_NID (X509_get_subject_name (cert),`
			`- NID_commonName, common_name, sizeof (common_name));`
			`- if (!pattern_match (common_name, host))`
			`+ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),`
			`+ NID_commonName, NULL, 0);`
			`+ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),`
			`+ NID_commonName, common_name,`
			`+ sizeof(common_name));`
			`+ if (len1 < 0 \|\| len2 < 0)`
			`+ {`
			`+ logprintf (LOG_NOTQUIET, _("\`
			`+%s: certificate has no common name.\n"),`
			`+ severity);`
			`+ success = false;`
			`+ }`
			`+ if (len1 != len2)`
			`+ {`
			`+ logprintf (LOG_NOTQUIET, _("\`
			`+%s: certificate common name is %d bytes long, maximum allowed is %d.\n"),`
			`+ severity, len1, sizeof(common_name)-1);`
			`+ success = false;`
			`+ }`
			`+ else if (len2 != strlen(common_name))`
			`+ {`
			`+ logprintf (LOG_NOTQUIET, _("\`
			`+%s: certificate common name contains a NULL character: '%s\\0%s'.\n"),`
			`+ severity, escnonprint (common_name),`
			`+ escnonprint (common_name + strlen(common_name)+1));`
			`+ success = false;`
			`+ }`
			`+ else if (!pattern_match (common_name, host))`
			`{`
			`logprintf (LOG_NOTQUIET, _("\`
			%s: certificate common name `%s' doesn't match requested host name `%s'.\n"),