wget/wget-nullcerts.patch
Pavol Rusnak dabfd7233e Accepting request 26763 from home:jengelh:branches:network:utilities
Copy from home:jengelh:branches:network:utilities/wget via accept of submit request 26763 revision 2.
Request was accepted with message:
thx

OBS-URL: https://build.opensuse.org/request/show/26763
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=5
2009-12-21 20:18:42 +00:00


--- src/openssl.c
+++ src/openssl.c
@@ -481,6 +481,7 @@
{
X509 *cert;
char common_name[256];
+ int len1, len2;
long vresult;
bool success = true;
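Review bot: `int len1, len2;` receive the return values of X509_NAME_get_text_by_NID, and the next hunk leaves the no-common-name case unguarded: `if (len1 < 0 || len2 < 0)` is not chained to the following `if (len1 != len2)`, so when both calls return the same negative value control falls through to `else if (len2 != strlen(common_name))`, where the negative int is converted to size_t and the test is true. That branch then hands `common_name + strlen(common_name)+1` to escnonprint, which for the still-empty buffer points at bytes that appear never to have been written, so uninitialised stack content would end up in the log line. Changing the second test to `else if (len1 != len2)` keeps the diagnostics mutually exclusive and stops the fall-through. Separately, `sizeof(common_name)-1` is a size_t passed for a `%d` conversion in the length message and should be cast, e.g. `(int) sizeof (common_name) - 1`. The second hunk continues past the end of the visible page, so its final branch is not covered by this note.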
@@ -562,9 +563,34 @@
UTF-8 which can be meaningfully compared to HOST. */
common_name[0] = '\0';
- X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
- NID_commonName, common_name, sizeof (common_name));
- if (!pattern_match (common_name, host))
+ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
+ NID_commonName, NULL, 0);
+ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
+ NID_commonName, common_name,
+ sizeof(common_name));
+ if (len1 < 0 || len2 < 0)
+ {
+ logprintf (LOG_NOTQUIET, _("\
+%s: certificate has no common name.\n"),
+ severity);
+ success = false;
+ }
+ if (len1 != len2)
+ {
+ logprintf (LOG_NOTQUIET, _("\
+%s: certificate common name is %d bytes long, maximum allowed is %d.\n"),
+ severity, len1, sizeof(common_name)-1);
+ success = false;
+ }
+ else if (len2 != strlen(common_name))
+ {
+ logprintf (LOG_NOTQUIET, _("\
+%s: certificate common name contains a NULL character: '%s\\0%s'.\n"),
+ severity, escnonprint (common_name),
+ escnonprint (common_name + strlen(common_name)+1));
+ success = false;
+ }
+ else if (!pattern_match (common_name, host))
{
logprintf (LOG_NOTQUIET, _("\
%s: certificate common name `%s' doesn't match requested host name `%s'.\n"),