Diffstat (limited to 'src/lib/libcrypto/x509/x509_vfy.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 13 |
1 files changed, 10 insertions, 3 deletions
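--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.68 2018/02/22 17:11:30 jsing Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.69 2018/04/06 07:08:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -182,10 +182,13 @@ check_id_error(X509_STORE_CTX *ctx, int errcode)
 static int
 check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
 {
-size_t i;
-size_t n = sk_OPENSSL_STRING_num(id->hosts);
+size_t i, n;
 char *name;
 
+if (id->poisoned)
+return 0;
+
+n = sk_OPENSSL_STRING_num(id->hosts);
 free(id->peername);
 id->peername = NULL;
 
@@ -205,6 +208,10 @@ check_id(X509_STORE_CTX *ctx)
 X509_VERIFY_PARAM_ID *id = vpm->id;
 X509 *x = ctx->cert;
 
+if (id->poisoned)
+if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
+return 0;
+
 if (id->hosts && check_hosts(x, id) <= 0) {
 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
 return 0;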
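Review bot: In check_id the new poisoned test does not stop verification on its own: when check_id_error() returns nonzero, control falls through to the host check, and because that check is guarded by `id->hosts &&`, the `id->poisoned` guard added to check_hosts() is never reached when hosts is NULL. If poisoned is meant to be fail-closed (it is set outside this diff, so that is an assumption), report the error and return unconditionally, e.g. `if (id->poisoned) { (void)check_id_error(ctx, X509_V_ERR_INVALID_CALL); return 0; }`. If continuing is intentional, brace the nested `if` and add a comment such as `/* poisoned id: report INVALID_CALL; check_id_error() decides whether verification continues */`. check_id's body starts and ends outside the hunk.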
