Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5669:cac82b9b3499
SSL: explicit handling of empty names.
X509_check_host() can't handle non null-terminated names with zero length,
so make sure to fail before calling it.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 23 Apr 2014 20:31:31 +0400 |
| parents | a77c0839c993 |
| children | 5e892d40e5cc |
comparison
equal
deleted
inserted
replaced
| 5668:64958ea92fd2 | 5669:cac82b9b3499 |
|---|---|
| 2502 | 2502 |
| 2503 #if OPENSSL_VERSION_NUMBER >= 0x10002001L | 2503 #if OPENSSL_VERSION_NUMBER >= 0x10002001L |
| 2504 | 2504 |
| 2505 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ | 2505 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ |
| 2506 | 2506 |
| 2507 if (name->len == 0) { | |
| 2508 goto failed; | |
| 2509 } | |
| 2510 | |
| 2507 if (X509_check_host(cert, name->data, name->len, 0) != 1) { | 2511 if (X509_check_host(cert, name->data, name->len, 0) != 1) { |
| 2508 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2512 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 2509 "X509_check_host(): no match"); | 2513 "X509_check_host(): no match"); |
| 2510 goto failed; | 2514 goto failed; |
| 2511 } | 2515 } |