generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Cleaner handling of "cnid" in do_x509_check

Browse Source 
Avoid using cnid = 0, use NID_undef instead, and return early instead
of trying to find an instance of that in the subject DN.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit fffc2faeb2b5cad4516cc624352d445284aa7522)
This commit is contained in:
Viktor Dukhovni 2015-09-01 21:59:08 -04:00
parent 39c76ceb2d
commit 40d5689458
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
crypto/x509v3/v3_utl.c
View File

@ -926,7 +926,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
GENERAL_NAMES *gens = NULL; GENERAL_NAMES *gens = NULL;
X509_NAME *name = NULL; X509_NAME *name = NULL;
int i; int i;
int cnid; int cnid = NID_undef;
int alt_type; int alt_type;
int san_present = 0; int san_present = 0;
int rv = 0; int rv = 0;
@ -949,7 +949,6 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
else else
equal = equal_wildcard; equal = equal_wildcard;
} else { } else {
cnid = 0;
alt_type = V_ASN1_OCTET_STRING; alt_type = V_ASN1_OCTET_STRING;
equal = equal_case; equal = equal_case;
} }
@ -980,11 +979,16 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
GENERAL_NAMES_free(gens); GENERAL_NAMES_free(gens);
if (rv != 0) if (rv != 0)
return rv; return rv;
if (!cnid if (cnid == NID_undef
|| (san_present || (san_present
&& !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
return 0; return 0;
} }
/* We're done if CN-ID is not pertinent */
if (cnid == NID_undef)
return 0;
i = -1; i = -1;
name = X509_get_subject_name(x); name = X509_get_subject_name(x);
while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) { while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {