cURL / Mailing Lists / curl-library / Single Mail


Re: SSL cert error

From: Daniel Stenberg <>
Date: Sun, 20 Jun 2004 23:33:13 +0200 (CEST)

On Sat, 19 Jun 2004, Gisle Vanem wrote:

> I've added a simple cert_hostcheck() function that should handle '*'
> wildcard(s) correctly. The function is recursive! (probably the only one in
> libcurl). Hopefully the depth shouldn't be a problem.

I doubt that will be a problem.

I did find another thing in your patch that might cause problems though:

The assumption that the 'altptr' data is zero terminated (when doing the
subjectAltName checks). The OpenSSL man page explicitly says: "In general it
cannot be assumed that the data returned by ASN1_STRING_data() is null
terminated or does not contain embedded nulls."

I figure your wildcard function needs a length parameter too or something...

      Daniel Stenberg -- --
       Dedicated custom curl help for hire:
Received on 2004-06-20