summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls_verify.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libtls/tls_verify.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libtls/tls_verify.c b/src/lib/libtls/tls_verify.c
index 3bd1057d0c..acbe163ffd 100644
--- a/src/lib/libtls/tls_verify.c
+++ b/src/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls_verify.c,v 1.19 2017/04/10 17:11:13 jsing Exp $ */ 1/* $OpenBSD: tls_verify.c,v 1.20 2018/02/05 00:52:24 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> 3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4 * 4 *
@@ -215,16 +215,16 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
215 215
216 subject_name = X509_get_subject_name(cert); 216 subject_name = X509_get_subject_name(cert);
217 if (subject_name == NULL) 217 if (subject_name == NULL)
218 goto out; 218 goto done;
219 219
220 common_name_len = X509_NAME_get_text_by_NID(subject_name, 220 common_name_len = X509_NAME_get_text_by_NID(subject_name,
221 NID_commonName, NULL, 0); 221 NID_commonName, NULL, 0);
222 if (common_name_len < 0) 222 if (common_name_len < 0)
223 goto out; 223 goto done;
224 224
225 common_name = calloc(common_name_len + 1, 1); 225 common_name = calloc(common_name_len + 1, 1);
226 if (common_name == NULL) 226 if (common_name == NULL)
227 goto out; 227 goto done;
228 228
229 X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name, 229 X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
230 common_name_len + 1); 230 common_name_len + 1);
@@ -236,7 +236,7 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
236 "NUL byte in Common Name field, " 236 "NUL byte in Common Name field, "
237 "probably a malicious certificate", name); 237 "probably a malicious certificate", name);
238 rv = -1; 238 rv = -1;
239 goto out; 239 goto done;
240 } 240 }
241 241
242 /* 242 /*
@@ -247,13 +247,13 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
247 inet_pton(AF_INET6, name, &addrbuf) == 1) { 247 inet_pton(AF_INET6, name, &addrbuf) == 1) {
248 if (strcmp(common_name, name) == 0) 248 if (strcmp(common_name, name) == 0)
249 *cn_match = 1; 249 *cn_match = 1;
250 goto out; 250 goto done;
251 } 251 }
252 252
253 if (tls_match_name(common_name, name) == 0) 253 if (tls_match_name(common_name, name) == 0)
254 *cn_match = 1; 254 *cn_match = 1;
255 255
256 out: 256 done:
257 free(common_name); 257 free(common_name);
258 return rv; 258 return rv;
259} 259}