Skip to content
Permalink
Browse files

Fix assertion failure on certs without subjectAltName

While the patch had been done to correctly indicate presence,
it still hit assertions.
  • Loading branch information
Jarrod Johnson
Jarrod Johnson committed Mar 24, 2014
1 parent e4a9069 commit e217322f39ae18f0a9976d8c23bb1661f9966d5f
Showing with 8 additions and 7 deletions.
  1. +8 −7 src/net/tls.c
@@ -2445,14 +2445,15 @@ static int tls_validator_name( struct tls_session *tls, struct x509_certificate
if ( ( cert->subject.name == NULL ) && ( !cert->extensions.subject_alt_name.present ) ) {
return -1;
}
struct x509_san_link* link;
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
/* If the name matches, return 0, otherwise, continue */
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
return 0;
if ( cert->extensions.subject_alt_name.present ) {
struct x509_san_link* link;
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
/* If the name matches, return 0, otherwise, continue */
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
return 0;
}
}
}
if ( !cert->extensions.subject_alt_name.present ) {
} else {
return dns_wildcard_matcher ( tls->name, cert->subject.name );
}
return -1;

0 comments on commit e217322

Please sign in to comment.
You can’t perform that action at this time.