Hey

I'm forwarding this mail to the libcurl mailing list, as I figure it reaches
more involved developers there.

Also, I converted the full file to a much nicer diff to better allow people to
actually tell what's the difference.

I would appreciate someone else's comment/feedback on this patch. Personally I
have no clue about this.

-- 
    Daniel Stenberg -- http://curl.haxx.se/ -- http://daniel.haxx.se/
   [[ Do not send mails to this email address. They won't reach me. ]]
---------- Forwarded message ----------
Date: Thu, 15 Jan 2004 17:59:55 +0100
From: Peter Sylvester
To: curl-users <curl-users_at_lists.sourceforge.net>
Subject: ssluse.c and most significant common name entry
The current ssluse.c code uses X509_NAME_get_text_by_NID
in routine verifyhost to find a common name. This has two
problems:
- Assuming that I correctly understand the meaning of 'most significant'
   it does not return the least significant one, i.e. the first
occurence when
   you go down the hierarchy.
- furthermore the information may be incoded in BMPstring
Enclosed there is a new verion of ssluse.c that fixes this in the
following way:
  - a loop through  X509_NAME_get_index_by_NID to get
    the last entry. this covers also multivalued RDNs.
  - a conversion of the value to an UTF8 string.
Any comments and testers are welcome.
Peter Sylvester

-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn