[gnurl] 51/282: openssl: make CURLINFO_CERTINFO not truncate x509v3 fiel
From: gnunet
Subject: [gnurl] 51/282: openssl: make CURLINFO_CERTINFO not truncate x509v3 fields
Date: Wed, 01 Apr 2020 14:28:36 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 3ecdfb195834d5c59e1c95d8ac87174075a40576
Author: Daniel Stenberg <address@hidden>
AuthorDate: Wed Jan 22 10:29:44 2020 +0100
openssl: make CURLINFO_CERTINFO not truncate x509v3 fields
Avoid "reparsing" the content and instead deliver more exactly what is
provided in the certificate and avoid truncating the data after 512
bytes as done previously. This no longer removes embedded newlines.
Fixes #4837
Reported-by: bnfp on github
Closes #4841
---
lib/vtls/openssl.c | 31 ++++++-------------------------
1 file changed, 6 insertions(+), 25 deletions(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 726ff6e7c..3c4066cdc 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -3122,28 +3122,25 @@ do { \
} while(0)
#endif
-static int X509V3_ext(struct Curl_easy *data,
+static void X509V3_ext(struct Curl_easy *data,
int certnum,
CONST_EXTS STACK_OF(X509_EXTENSION) *exts)
{
int i;
- size_t j;
if((int)sk_X509_EXTENSION_num(exts) <= 0)
/* no extensions, bail out */
- return 1;
+ return;
for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
ASN1_OBJECT *obj;
X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
BUF_MEM *biomem;
- char buf[512];
- char *ptr = buf;
char namebuf[128];
BIO *bio_out = BIO_new(BIO_s_mem());
if(!bio_out)
- return 1;
+ return;
obj = X509_EXTENSION_get_object(ext);
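Review bot: With the return type now void, the `if(!bio_out) return;` path inside the loop drops the remaining extensions without any signal to the caller, so an allocation failure produces a partial certinfo list that looks complete. Consider keeping an int (or CURLcode) return and propagating it, or add a comment saying that the failure is deliberately ignored. Note also that the old code returned 1 both for "no extensions" and for the BIO_new() failure, so it is worth confirming that no caller relied on that value before removing it.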
@@ -3153,26 +3150,10 @@ static int X509V3_ext(struct Curl_easy *data,
ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
BIO_get_mem_ptr(bio_out, &biomem);
-
- for(j = 0; j < (size_t)biomem->length; j++) {
- const char *sep = "";
- if(biomem->data[j] == '\n') {
- sep = ", ";
- j++; /* skip the newline */
- };
- while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
- j++;
- if(j<(size_t)biomem->length)
- ptr += msnprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
- biomem->data[j]);
- }
-
- Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
-
+ Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data,
+ biomem->length);
BIO_free(bio_out);
-
}
- return 0; /* all is fine */
}
#ifdef OPENSSL_IS_BORINGSSL
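Review bot: The new Curl_ssl_push_certinfo_len() call passes biomem->data through at its full biomem->length, so values delivered via CURLINFO_CERTINFO can now contain embedded newlines and are no longer bounded by the old 512-byte buffer. The extension contents come from the peer's certificate, so the CURLINFO_CERTINFO documentation should state that a value may be multi-line and of arbitrary length; applications that log or parse these entries line by line could otherwise mis-split a field. Passing the explicit length is the right choice since the BIO memory buffer is not guaranteed to be NUL-terminated. A test case with an extension value longer than 512 bytes and containing a newline would pin the new behaviour down.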