artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6174b86) | patch
Rework name verification code so that a match is indicated via an argument,
authorjsing <jsing@openbsd.org>
Mon, 10 Apr 2017 17:11:13 +0000 (17:11 +0000)
committerjsing <jsing@openbsd.org>
Mon, 10 Apr 2017 17:11:13 +0000 (17:11 +0000)
commit5f3c52056aae232e7d9616c0f5fe51020fe35906
treebc1f955489b6fa2ca1a77d0cee8bbfbcbebbb52ftree | snapshot
parent6174b86affabb759915904114660a86a8ca2cadecommit | diff
Rework name verification code so that a match is indicated via an argument,
rather than return codes. More strictly follow RFC 6125, in particular only
check the CN if there are no SAN identifiers present in the certificate
(per section 6.4.4).

Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>.

ok beck@ jca@
lib/libtls/tls_client.c diff | blob | history
lib/libtls/tls_internal.h diff | blob | history
lib/libtls/tls_peer.c diff | blob | history
lib/libtls/tls_server.c diff | blob | history
lib/libtls/tls_verify.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim