Permalink
Browse files
Fix assertion failure on certs without subjectAltName
While the patch had been done to correctly indicate presence,
it still hit assertions.
- Loading branch information
Showing
with
8 additions
and
7 deletions.
-
+8
−7
src/net/tls.c
|
|
@@ -2445,14 +2445,15 @@ static int tls_validator_name( struct tls_session *tls, struct x509_certificate |
|
|
if ( ( cert->subject.name == NULL ) && ( !cert->extensions.subject_alt_name.present ) ) { |
|
|
return -1; |
|
|
} |
|
|
struct x509_san_link* link; |
|
|
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) { |
|
|
/* If the name matches, return 0, otherwise, continue */ |
|
|
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) { |
|
|
return 0; |
|
|
if ( cert->extensions.subject_alt_name.present ) { |
|
|
struct x509_san_link* link; |
|
|
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) { |
|
|
/* If the name matches, return 0, otherwise, continue */ |
|
|
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) { |
|
|
return 0; |
|
|
} |
|
|
} |
|
|
} |
|
|
if ( !cert->extensions.subject_alt_name.present ) { |
|
|
} else { |
|
|
return dns_wildcard_matcher ( tls->name, cert->subject.name ); |
|
|
} |
|
|
return -1; |
|
|
|