The subject of a certificate is not optional - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2024-11-12 22:50:06 +0000
committer	tb <>	2024-11-12 22:50:06 +0000
commit	cf5b89baef0d059b3a6b4ecd4b49409265157b81 (patch)
tree	4090f9fd0252fcc655b896c428e7d97f0418050b /src/usr.sbin
parent	d2ed7b4e4d92926fea691e61cefc2508f2384bcf (diff)
download	openbsd-cf5b89baef0d059b3a6b4ecd4b49409265157b81.tar.gz openbsd-cf5b89baef0d059b3a6b4ecd4b49409265157b81.tar.bz2 openbsd-cf5b89baef0d059b3a6b4ecd4b49409265157b81.zip

The subject of a certificate is not optional

A certificate must have a subject, so X509_get_subject_name() cannot return NULL on a correctly parsed certificate, even if the subject is empty (which is allowed). So if X509_get_subject_name() returns NULL, error instead of silently ignoring it in tls_check_common_name(). This is currently no issue. Where it matters, the match against the common name will fail later, so we fail closed anyway. ok jsing

Diffstat (limited to 'src/usr.sbin')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: