Lines 1092-1098
Link Here
|
1092 |
if(check->type == target) { |
1092 |
if(check->type == target) { |
1093 |
/* get data and length */ |
1093 |
/* get data and length */ |
1094 |
const char *altptr = (char *)ASN1_STRING_data(check->d.ia5); |
1094 |
const char *altptr = (char *)ASN1_STRING_data(check->d.ia5); |
1095 |
size_t altlen; |
1095 |
size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5); |
|
|
1096 |
|
1096 |
|
1097 |
|
1097 |
switch(target) { |
1098 |
switch(target) { |
1098 |
case GEN_DNS: /* name/pattern comparison */ |
1099 |
case GEN_DNS: /* name/pattern comparison */ |
Lines 1106-1119
Link Here
|
1106 |
"I checked the 0.9.6 and 0.9.8 sources before my patch and |
1107 |
"I checked the 0.9.6 and 0.9.8 sources before my patch and |
1107 |
it always 0-terminates an IA5String." |
1108 |
it always 0-terminates an IA5String." |
1108 |
*/ |
1109 |
*/ |
1109 |
if(cert_hostcheck(altptr, conn->host.name)) |
1110 |
if((altlen == strlen(altptr)) && |
|
|
1111 |
/* if this isn't true, there was an embedded zero in the name |
1112 |
string and we cannot match it. */ |
1113 |
cert_hostcheck(altptr, conn->host.name)) |
1110 |
matched = TRUE; |
1114 |
matched = TRUE; |
1111 |
break; |
1115 |
break; |
1112 |
|
1116 |
|
1113 |
case GEN_IPADD: /* IP address comparison */ |
1117 |
case GEN_IPADD: /* IP address comparison */ |
1114 |
/* compare alternative IP address if the data chunk is the same size |
1118 |
/* compare alternative IP address if the data chunk is the same size |
1115 |
our server IP address is */ |
1119 |
our server IP address is */ |
1116 |
altlen = (size_t) ASN1_STRING_length(check->d.ia5); |
|
|
1117 |
if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) |
1120 |
if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) |
1118 |
matched = TRUE; |
1121 |
matched = TRUE; |
1119 |
break; |
1122 |
break; |
Lines 1153-1170
Link Here
|
1153 |
string manually to avoid the problem. This code can be made |
1156 |
string manually to avoid the problem. This code can be made |
1154 |
conditional in the future when OpenSSL has been fixed. Work-around |
1157 |
conditional in the future when OpenSSL has been fixed. Work-around |
1155 |
brought by Alexis S. L. Carvalho. */ |
1158 |
brought by Alexis S. L. Carvalho. */ |
1156 |
if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { |
1159 |
if(tmp) { |
1157 |
j = ASN1_STRING_length(tmp); |
1160 |
if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { |
1158 |
if(j >= 0) { |
1161 |
j = ASN1_STRING_length(tmp); |
1159 |
peer_CN = OPENSSL_malloc(j+1); |
1162 |
if(j >= 0) { |
1160 |
if(peer_CN) { |
1163 |
peer_CN = OPENSSL_malloc(j+1); |
1161 |
memcpy(peer_CN, ASN1_STRING_data(tmp), j); |
1164 |
if(peer_CN) { |
1162 |
peer_CN[j] = '\0'; |
1165 |
memcpy(peer_CN, ASN1_STRING_data(tmp), j); |
|
|
1166 |
peer_CN[j] = '\0'; |
1167 |
} |
1163 |
} |
1168 |
} |
1164 |
} |
1169 |
} |
|
|
1170 |
else /* not a UTF8 name */ |
1171 |
j = ASN1_STRING_to_UTF8(&peer_CN, tmp); |
1172 |
|
1173 |
if(peer_CN && ((int)strlen((char *)peer_CN) != j)) { |
1174 |
/* there was a terminating zero before the end of string, this |
1175 |
cannot match and we return failure! */ |
1176 |
failf(data, "SSL: illegal cert name field"); |
1177 |
res = CURLE_PEER_FAILED_VERIFICATION; |
1178 |
} |
1165 |
} |
1179 |
} |
1166 |
else /* not a UTF8 name */ |
|
|
1167 |
j = ASN1_STRING_to_UTF8(&peer_CN, tmp); |
1168 |
} |
1180 |
} |
1169 |
|
1181 |
|
1170 |
if(peer_CN == nulstr) |
1182 |
if(peer_CN == nulstr) |
Lines 1182-1188
Link Here
|
1182 |
} |
1194 |
} |
1183 |
#endif /* CURL_DOES_CONVERSIONS */ |
1195 |
#endif /* CURL_DOES_CONVERSIONS */ |
1184 |
|
1196 |
|
1185 |
if(!peer_CN) { |
1197 |
if(res) |
|
|
1198 |
/* error already detected, pass through */ |
1199 |
; |
1200 |
else if(!peer_CN) { |
1186 |
failf(data, |
1201 |
failf(data, |
1187 |
"SSL: unable to obtain common name from peer certificate"); |
1202 |
"SSL: unable to obtain common name from peer certificate"); |
1188 |
return CURLE_PEER_FAILED_VERIFICATION; |
1203 |
return CURLE_PEER_FAILED_VERIFICATION; |