curl-library
Re: SSL cert error
From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Sun, 20 Jun 2004 23:33:13 +0200 (CEST)
Date: Sun, 20 Jun 2004 23:33:13 +0200 (CEST)
On Sat, 19 Jun 2004, Gisle Vanem wrote:
> I've added a simple cert_hostcheck() function that should handle '*'
> wildcard(s) correctly. The function is recursive! (probably the only one in
> libcurl). Hopefully the depth shouldn't be a problem.
I doubt that will be a problem.
I did find another thing in your patch that might cause problems though:
The assumption that the 'altptr' data is zero terminated (when doing the
subjectAltName checks). The OpenSSL man page explicitly says: "In general it
cannot be assumed that the data returned by ASN1_STRING_data() is null
terminated or does not contain embedded nulls."
I figure your wildcard function needs a length parameter too or something...
-- Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se Dedicated custom curl help for hire: http://haxx.se/curl.htmlReceived on 2004-06-20