-/* $OpenBSD: tls_verify.c,v 1.27 2023/06/01 07:29:15 tb Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.28 2023/06/01 07:32:25 tb Exp $ */
/*
* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
*
int addrlen, type;
int count, i;
int critical = 0;
- int rv = 0;
+ int rv = -1;
*alt_match = 0;
*alt_exists = 0;
if (altname_stack == NULL) {
if (critical != -1) {
tls_set_errorx(ctx, "error decoding subjectAltName");
- return -1;
+ goto err;
}
- return 0;
+ goto done;
}
if (inet_pton(AF_INET, name, &addrbuf) == 1) {
"NUL byte in subjectAltName, "
"probably a malicious certificate",
name);
- rv = -1;
- break;
+ goto err;
}
/*
"error verifying name '%s': "
"a dNSName of \" \" must not be "
"used", name);
- rv = -1;
- break;
+ goto err;
}
if (tls_match_name(data, name) == 0) {
*alt_match = 1;
- break;
+ goto done;
}
} else {
#ifdef DEBUG
tls_set_errorx(ctx,
"Unexpected negative length for an "
"IP address: %d", datalen);
- rv = -1;
- break;
+ goto err;
}
/*
if (datalen == addrlen &&
memcmp(data, &addrbuf, addrlen) == 0) {
*alt_match = 1;
- break;
+ goto done;
}
}
}
+ done:
+ rv = 0;
+
+ err:
sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
return rv;
}
projects / openbsd / commitdiff