cURL / Mailing Lists / curl-library / Single Mail


Re: SSL cert error

From: Gisle Vanem <>
Date: Mon, 21 Jun 2004 12:05:47 +0200

"Daniel Stenberg" <> said:

> The assumption that the 'altptr' data is zero terminated (when doing the
> subjectAltName checks). The OpenSSL man page explicitly says: "In general it
> cannot be assumed that the data returned by ASN1_STRING_data() is null
> terminated or does not contain embedded nulls."

Probably to cover their butts or the docs isn't up-to-date. It further says:
  ... The actual format of the data will depend on the actual string
  type itself: for example for and IA5String the data will be ASCII, ..

Not that I've checked in practice cause I didn't find any CERT's with alternate
names. But I checked the 0.9.6 and 0.9.8 sources before my patch and
it always 0-terminates an IA5String. See crypto/x509v3/v3_alt.c which
calls ASN1_STRING_set() that adds a 0-termination:
  /* an allowance for strings :-) */

Received on 2004-06-21