path: root/src/lib/libcrypto/x509/x509_constraints.c
author: beck <> 2023-05-29 11:54:50 +0000
committer: beck <> 2023-05-29 11:54:50 +0000
commit: 4df4ff3c6b667ac0be5208cde5c4307759565622
tree: 3ee54daae8ea3ccd2187904d345b85cb009a53dd /src/lib/libcrypto/x509/x509_constraints.c
parent: 884ce676b10c406c493fc596a976f9ebdf149c31
Make X509_NAME_get_text_by[NID|OBJ] safer.

This is an un-revert with nits of the previously landed change to do this which broke libtls. libtls has now been changed to not use this function.

This change ensures that if something is returned it is "text" (UTF-8) and a C string not containing a NUL byte. Historically callers to this function assume the result is text and a C string however the OpenSSL version simply hands them the bytes from an ASN1_STRING and expects them to know bad things can happen which they almost universally do not check for. Partly inspired by goings on in boringssl.

ok jsing@ tb@
Diffstat (limited to 'src/lib/libcrypto/x509/x509_constraints.c')
0 files changed, 0 insertions, 0 deletions
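
The property the commit message describes (a result that is valid UTF-8 and has no embedded NUL byte) can be checked on the raw bytes before they are handed to code that expects a C string. The following is an added example, not code from this commit or from LibreSSL; `text_is_safe` and the sample arrays are hypothetical names, and the sample values are constructed.

```c
#include <string.h>

/* Hypothetical helper, not a LibreSSL function: returns 1 only if the len
 * bytes at p contain no NUL byte and are well-formed UTF-8. */
int text_is_safe(const unsigned char *p, size_t len)
{
	size_t i = 0, k, n;
	unsigned long cp, min;

	if (memchr(p, '\0', len) != NULL)
		return 0;	/* embedded NUL would truncate the C string */
	while (i < len) {
		unsigned char c = p[i];
		if (c < 0x80) { i++; continue; }
		else if ((c & 0xe0) == 0xc0) { n = 1; cp = c & 0x1f; min = 0x80; }
		else if ((c & 0xf0) == 0xe0) { n = 2; cp = c & 0x0f; min = 0x800; }
		else if ((c & 0xf8) == 0xf0) { n = 3; cp = c & 0x07; min = 0x10000; }
		else return 0;	/* stray continuation or invalid lead byte */
		if (len - i <= n)
			return 0;	/* sequence cut short */
		for (k = 1; k <= n; k++) {
			if ((p[i + k] & 0xc0) != 0x80)
				return 0;
			cp = (cp << 6) | (p[i + k] & 0x3f);
		}
		/* reject overlong forms, surrogates and values past U+10FFFF */
		if (cp < min || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff))
			return 0;
		i += n + 1;
	}
	return 1;
}

/* Constructed sample values, held as raw bytes with an explicit length. */
const unsigned char name_ok[] = "www.example.com";
const unsigned char name_nul[] = "www.example.com\0.test"; /* 21 bytes, strlen() sees 15 */
const unsigned char name_overlong[] = { 'a', 0xc0, 0x80, 'b' };
const unsigned char name_utf8[] = { 'c', 'a', 'f', 0xc3, 0xa9 };

int main(void)
{
	/* exit status 0 when all four samples classify as expected */
	return !(text_is_safe(name_ok, sizeof(name_ok) - 1) &&
	    text_is_safe(name_utf8, sizeof(name_utf8)) &&
	    !text_is_safe(name_nul, sizeof(name_nul) - 1) &&
	    !text_is_safe(name_overlong, sizeof(name_overlong)));
}
```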