[gnutls-dev] Patch to lib/x509/rfc2818

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnutls-dev] Patch to lib/x509/rfc2818_hostname.c

From:	Richard W.M. Jones
Subject:	[gnutls-dev] Patch to lib/x509/rfc2818_hostname.c
Date:	Fri, 16 Feb 2007 11:12:53 +0000
User-agent:	Thunderbird 1.5.0.9 (X11/20070130)

Not a security problem because CAs you trust ought not to be issuingcertificates without dnsname and common name (thanks to Tomas Mraz forcorrecting me on this). But it still seems wrong to be returning thatthe hostname is valid if it has missing/malformed common name.


Rich.

--
Emerging Technologies, Red Hat  http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF     Mobile: +44 7866 314 421
 "[Negative numbers] darken the very whole doctrines of the equations
 and make dark of the things which are in their nature excessively
 obvious and simple" (Francis Maseres FRS, mathematician, 1759)

--- rfc2818_hostname.c.orig     2007-02-16 11:07:35.000000000 +0000
+++ rfc2818_hostname.c  2007-02-16 11:07:45.000000000 +0000
@@ -136,7 +136,7 @@
        {
          /* got an error, can't find a name 
           */
-         return 1;
+         return 0;
        }
 
       if (_gnutls_hostname_compare (dnsname, hostname))

[Prev in Thread]

Current Thread

[Next in Thread]

[gnutls-dev] Patch to lib/x509/rfc2818_hostname.c, Richard W.M. Jones <=
- Re: [gnutls-dev] Patch to lib/x509/rfc2818_hostname.c, Simon Josefsson, 2007/02/16

Prev by Date: Re: [gnutls-dev] pkg-config file for libgnutls
Next by Date: Re: [gnutls-dev] Patch to lib/x509/rfc2818_hostname.c
Previous by thread: [gnutls-dev] pkg-config file for libgnutls
Next by thread: Re: [gnutls-dev] Patch to lib/x509/rfc2818_hostname.c
Index(es):
- Date
- Thread