comparison src/event/ngx_event_openssl.c @ 5669:cac82b9b3499
SSL: explicit handling of empty names.
X509_check_host() can't handle non null-terminated names with zero length,
so make sure to fail before calling it.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 23 Apr 2014 20:31:31 +0400 |
parents | a77c0839c993 |
children | 5e892d40e5cc |
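--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2502,10 +2502,14 @@
 
 #if OPENSSL_VERSION_NUMBER >= 0x10002001L
 
 /* X509_check_host() is only available in OpenSSL 1.0.2+ */
 
+if (name->len == 0) {
+goto failed;
+}
+
 if (X509_check_host(cert, name->data, name->len, 0) != 1) {
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "X509_check_host(): no match");
 goto failed;
 }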
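Review bot: The added `if (name->len == 0)` guard carries no comment, so the reason for it lives only in the commit message and the check can look redundant to a later reader. OpenSSL documents that a zero `namelen` makes `X509_check_host()` measure the name with strlen(), and `name->data` is not guaranteed to be null-terminated here, so without the guard the call could read past the end of the buffer; I would state that above the check as `/* zero length makes X509_check_host() use strlen(); name->data is not null-terminated */`. The early `goto failed` is also silent, unlike the no-match branch right below it, so a `ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "X509_check_host(): empty name");` before the jump would keep the debug log consistent. The enclosing function and the `#else` branch for older OpenSSL lie outside this hunk, so whether that path also rejects empty names cannot be confirmed from here.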