Rework name verification code so that a match is indicated via an argument, - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2017-04-10 17:11:13 +0000
committer	jsing <>	2017-04-10 17:11:13 +0000
commit	2c72bbf2735f97ac7b152b55787c620ee18ae10f (patch)
tree	2ba4db6e1d15d0e16b83f40c86378539156871c3 /src/lib/libssl/s3_lib.c
parent	b09404bb3f219fdc5b6964aa84058a927700deb8 (diff)
download	openbsd-2c72bbf2735f97ac7b152b55787c620ee18ae10f.tar.gz openbsd-2c72bbf2735f97ac7b152b55787c620ee18ae10f.tar.bz2 openbsd-2c72bbf2735f97ac7b152b55787c620ee18ae10f.zip

Rework name verification code so that a match is indicated via an argument,

rather than return codes. More strictly follow RFC 6125, in particular only check the CN if there are no SAN identifiers present in the certificate (per section 6.4.4). Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>. ok beck@ jca@

Diffstat (limited to 'src/lib/libssl/s3_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: