Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix assertion failure on certs without subjectAltName
While the patch had been done to correctly indicate presence,
it still hit assertions.
  • Loading branch information
Jarrod Johnson committed Mar 24, 2014
1 parent e4a9069 commit e217322
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions src/net/tls.c
Expand Up @@ -2445,14 +2445,15 @@ static int tls_validator_name( struct tls_session *tls, struct x509_certificate
if ( ( cert->subject.name == NULL ) && ( !cert->extensions.subject_alt_name.present ) ) {
return -1;
}
struct x509_san_link* link;
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
/* If the name matches, return 0, otherwise, continue */
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
return 0;
if ( cert->extensions.subject_alt_name.present ) {
struct x509_san_link* link;
list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
/* If the name matches, return 0, otherwise, continue */
if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
return 0;
}
}
}
if ( !cert->extensions.subject_alt_name.present ) {
} else {
return dns_wildcard_matcher ( tls->name, cert->subject.name );
}
return -1;
Expand Down

0 comments on commit e217322

Please sign in to comment.