lib-ssl-iostream: Fix missing altName handling in openssl_cert_match_name

If name is not found in subjectAltNames, report it as error.

Fixes Panic: file iostream-openssl-common.c: line 177 (openssl_cert_match_name): assertion failed: (*reason_r != NULL)
cmouse authored and sirainen committed Apr 25, 2018
1 parent 99d9e71 commit cea45a4
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions src/lib-ssl-iostream/iostream-openssl-common.c
Expand Up @@ -174,8 +174,15 @@ bool openssl_cert_match_name(SSL *ssl, const char *verify_name,
/* verify against CommonName only when there wasn't any DNS
SubjectAltNames */
if (dns_names) {
i_assert(*reason_r != NULL);
ret = i < count;
i_assert(*reason_r != NULL || i == count);
if (i == count) {
*reason_r = t_strdup_printf(
"No match to %u SubjectAltNames",
count);
ret = FALSE;
} else {
ret = TRUE;
}
} else {
const char *cname = get_cname(cert);
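
Review bot: In the `if (i == count)` branch, `*reason_r` is overwritten unconditionally, although the relaxed `i_assert(*reason_r != NULL || i == count)` explicitly allows a reason to be set already at that point, so any more specific reason assigned earlier in the function is discarded. Consider assigning the "No match" text only when `*reason_r == NULL`, and including `verify_name` in it so the log line shows which name failed to match. The assert also still guards the `i < count` path, which means a missing reason there remains a process panic inside certificate verification; setting a generic reason instead of asserting would keep a peer-supplied certificate from aborting the process. Finally, the message reports `count` as the number of SubjectAltNames; if that list can hold non-DNS entries (the separate `dns_names` flag suggests it can), the number logged may not match the names actually compared.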
