Skip to content
Permalink
Browse files
Fix assertion failure on certs without subjectAltName
While the patch had been done to correctly indicate presence,
it still hit assertions.
  • Loading branch information
Jarrod Johnson committed Mar 24, 2014
1 parent e4a9069 commit e217322f39ae18f0a9976d8c23bb1661f9966d5f
Showing 1 changed file with 8 additions and 7 deletions.
@@ -2445,14 +2445,15 @@ static int tls_validator_name( struct tls_session *tls, struct x509_certificate
if ( ( cert->subject.name == NULL ) && ( !cert->extensions.subject_alt_name.present ) ) {
return -1;
}
struct x509_san_link* link;
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
/* If the name matches, return 0, otherwise, continue */
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
return 0;
if ( cert->extensions.subject_alt_name.present ) {
struct x509_san_link* link;
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
/* If the name matches, return 0, otherwise, continue */
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
return 0;
}
}
}
if ( !cert->extensions.subject_alt_name.present ) {
} else {
return dns_wildcard_matcher ( tls->name, cert->subject.name );
}
return -1;

0 comments on commit e217322

Please sign in to comment.