[gnutls-dev] Patch to lib/x509/rfc2818_hostname.c
From: Richard W.M. Jones
Subject: [gnutls-dev] Patch to lib/x509/rfc2818_hostname.c
Date: Fri, 16 Feb 2007 11:12:53 +0000
User-agent: Thunderbird 1.5.0.9 (X11/20070130)
Not a security problem because CAs you trust ought not to be issuing
certificates without dnsname and common name (thanks to Tomas Mraz for
correcting me on this). But it still seems wrong to be returning that
the hostname is valid if it has missing/malformed common name.
Rich.
--
Emerging Technologies, Red Hat http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF Mobile: +44 7866 314 421
"[Negative numbers] darken the very whole doctrines of the equations
and make dark of the things which are in their nature excessively
obvious and simple" (Francis Maseres FRS, mathematician, 1759)
--- rfc2818_hostname.c.orig 2007-02-16 11:07:35.000000000 +0000
+++ rfc2818_hostname.c 2007-02-16 11:07:45.000000000 +0000
@@ -136,7 +136,7 @@
{
/* got an error, can't find a name
*/
- return 1;
+ return 0;
}
if (_gnutls_hostname_compare (dnsname, hostname))
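Review bot: The comment above the changed return still reads only "got an error, can't find a name" and does not say what result the caller gets in that case. Since the value flips from 1 to 0 on this path, extend the comment to state that a certificate whose name cannot be read is treated as not matching the hostname, so the fail-closed result is not reverted later by mistake. A regression test using a certificate with no dnsname and a missing or malformed common name would pin the behaviour down. The hunk header also carries no function name, so regenerating the diff with function context (diff -up) would make it easier to confirm which error path is being changed.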