dabfd7233e
Copy from home:jengelh:branches:network:utilities/wget via accept of submit request 26763 revision 2. Request was accepted with message: thx OBS-URL: https://build.opensuse.org/request/show/26763 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=5
49 lines
1.5 KiB
Diff
49 lines
1.5 KiB
Diff
--- src/openssl.c
|
|
+++ src/openssl.c
|
|
@@ -481,6 +481,7 @@
|
|
{
|
|
X509 *cert;
|
|
char common_name[256];
|
|
+ int len1, len2;
|
|
long vresult;
|
|
bool success = true;
|
|
|
|
@@ -562,9 +563,34 @@
|
|
UTF-8 which can be meaningfully compared to HOST. */
|
|
|
|
common_name[0] = '\0';
|
|
- X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
|
|
- NID_commonName, common_name, sizeof (common_name));
|
|
- if (!pattern_match (common_name, host))
|
|
+ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
|
|
+ NID_commonName, NULL, 0);
|
|
+ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
|
|
+ NID_commonName, common_name,
|
|
+ sizeof(common_name));
|
|
+ if (len1 < 0 || len2 < 0)
|
|
+ {
|
|
+ logprintf (LOG_NOTQUIET, _("\
|
|
+%s: certificate has no common name.\n"),
|
|
+ severity);
|
|
+ success = false;
|
|
+ }
|
|
+ if (len1 != len2)
|
|
+ {
|
|
+ logprintf (LOG_NOTQUIET, _("\
|
|
+%s: certificate common name is %d bytes long, maximum allowed is %d.\n"),
|
|
+ severity, len1, sizeof(common_name)-1);
|
|
+ success = false;
|
|
+ }
|
|
+ else if (len2 != strlen(common_name))
|
|
+ {
|
|
+ logprintf (LOG_NOTQUIET, _("\
|
|
+%s: certificate common name contains a NULL character: '%s\\0%s'.\n"),
|
|
+ severity, escnonprint (common_name),
|
|
+ escnonprint (common_name + strlen(common_name)+1));
|
|
+ success = false;
|
|
+ }
|
|
+ else if (!pattern_match (common_name, host))
|
|
{
|
|
logprintf (LOG_NOTQUIET, _("\
|
|
%s: certificate common name `%s' doesn't match requested host name `%s'.\n"),
|