projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add a test for duplicated ordinals
[openssl.git]
/
crypto
/
x509v3
/
v3_utl.c
diff --git
a/crypto/x509v3/v3_utl.c
b/crypto/x509v3/v3_utl.c
index d50c2fa26cdea1054283672f5187451d2e158c07..6494d83bdb2e60ff900fb8431cf4d4497232ce91 100644
(file)
--- a/
crypto/x509v3/v3_utl.c
+++ b/
crypto/x509v3/v3_utl.c
@@
-60,9
+60,10
@@
#include <stdio.h>
#include <ctype.h>
#include <stdio.h>
#include <ctype.h>
-#include "cryptlib.h"
+#include "
internal/
cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#include "internal/x509_int.h"
#include <openssl/bn.h>
static char *strip_spaces(char *name);
#include <openssl/bn.h>
static char *strip_spaces(char *name);
@@
-920,7
+921,7
@@
static int do_x509_check(X509 *x, const char *chk, size_t chklen,
GENERAL_NAMES *gens = NULL;
X509_NAME *name = NULL;
int i;
GENERAL_NAMES *gens = NULL;
X509_NAME *name = NULL;
int i;
- int cnid;
+ int cnid
= NID_undef
;
int alt_type;
int san_present = 0;
int rv = 0;
int alt_type;
int san_present = 0;
int rv = 0;
@@
-943,7
+944,6
@@
static int do_x509_check(X509 *x, const char *chk, size_t chklen,
else
equal = equal_wildcard;
} else {
else
equal = equal_wildcard;
} else {
- cnid = 0;
alt_type = V_ASN1_OCTET_STRING;
equal = equal_case;
}
alt_type = V_ASN1_OCTET_STRING;
equal = equal_case;
}
@@
-974,11
+974,16
@@
static int do_x509_check(X509 *x, const char *chk, size_t chklen,
GENERAL_NAMES_free(gens);
if (rv != 0)
return rv;
GENERAL_NAMES_free(gens);
if (rv != 0)
return rv;
- if (
!cnid
+ if (
cnid == NID_undef
|| (san_present
&& !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
return 0;
}
|| (san_present
&& !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
return 0;
}
+
+ /* We're done if CN-ID is not pertinent */
+ if (cnid == NID_undef)
+ return 0;
+
i = -1;
name = X509_get_subject_name(x);
while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
i = -1;
name = X509_get_subject_name(x);
while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {