generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Drop hostlen from X509_VERIFY_PARAM_ID.

Browse Source 
Just store NUL-terminated strings.  This works better when we add
support for multiple hostnames.
This commit is contained in:
Viktor Dukhovni 2014-06-22 01:35:44 -04:00
parent d241b80409
commit b3012c698a
4 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/x509/x509_lcl.h
View File

@ -61,7 +61,6 @@
struct X509_VERIFY_PARAM_ID_st struct X509_VERIFY_PARAM_ID_st
{ {
unsigned char *host; /* If not NULL hostname to match */ unsigned char *host; /* If not NULL hostname to match */
size_t hostlen;
unsigned int hostflags; /* Flags to control matching features */ unsigned int hostflags; /* Flags to control matching features */
unsigned char *email; /* If not NULL email address to match */ unsigned char *email; /* If not NULL email address to match */
size_t emaillen; size_t emaillen;

3
crypto/x509/x509_vfy.c
View File

@ -748,8 +748,7 @@ static int check_id(X509_STORE_CTX *ctx)
X509_VERIFY_PARAM *vpm = ctx->param; X509_VERIFY_PARAM *vpm = ctx->param;
X509_VERIFY_PARAM_ID *id = vpm->id; X509_VERIFY_PARAM_ID *id = vpm->id;
X509 *x = ctx->cert; X509 *x = ctx->cert;
if (id->host && !X509_check_host(x, id->host, id->hostlen, if (id->host && !X509_check_host(x, id->host, 0, id->hostflags))
id->hostflags))
{ {
if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
return 0; return 0;

8
crypto/x509/x509_vpm.c
View File

@ -91,7 +91,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
{ {
OPENSSL_free(paramid->host); OPENSSL_free(paramid->host);
paramid->host = NULL; paramid->host = NULL;
paramid->hostlen = 0;
} }
if (paramid->email) if (paramid->email)
{ {
@ -237,7 +236,7 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
if (test_x509_verify_param_copy_id(host, NULL)) if (test_x509_verify_param_copy_id(host, NULL))
{ {
if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen)) if (!X509_VERIFY_PARAM_set1_host(dest, id->host, 0))
return 0; return 0;
dest->id->hostflags = id->hostflags; dest->id->hostflags = id->hostflags;
} }
@ -399,8 +398,7 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen) const unsigned char *name, size_t namelen)
{ {
return int_x509_param_set1(&param->id->host, &param->id->hostlen, return int_x509_param_set1(&param->id->host, NULL, name, namelen);
name, namelen);
} }
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
@ -444,7 +442,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
return param->name; return param->name;
} }
static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0}; static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0};
#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id

4
crypto/x509v3/v3_utl.c
View File

@ -972,6 +972,10 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags) unsigned int flags)
{ {
if (chklen == 0)
chklen = chk ? strlen((char *)chk) : 0;
else if (chk && memchr(chk, '\0', chklen))
return 0;
return do_x509_check(x, chk, chklen, flags, GEN_DNS); return do_x509_check(x, chk, chklen, flags, GEN_DNS);
} }