diff options
author | Tatsuya Kinoshita <tats@vega.ocn.ne.jp> | 2011-05-04 07:41:45 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@vega.ocn.ne.jp> | 2011-05-04 07:41:45 +0000 |
commit | 5397d09e585a1938fb64bc9c5cd5daed1959eb90 (patch) | |
tree | cd2673d4ca9584c426f9291e54b7bbb508c11e76 /istream.c | |
parent | Adding upstream version 0.5.2 (diff) | |
download | w3m-5397d09e585a1938fb64bc9c5cd5daed1959eb90.tar.gz w3m-5397d09e585a1938fb64bc9c5cd5daed1959eb90.zip |
Adding upstream version 0.5.3upstream/0.5.3
Diffstat (limited to '')
-rw-r--r-- | istream.c | 30 |
1 files changed, 25 insertions, 5 deletions
@@ -1,4 +1,4 @@ -/* $Id: istream.c,v 1.26 2007/05/23 15:06:05 inu Exp $ */ +/* $Id: istream.c,v 1.27 2010/07/18 13:43:23 htrb Exp $ */ #include "fm.h" #include "myctype.h" #include "istream.h" @@ -447,8 +447,17 @@ ssl_check_cert_ident(X509 * x, char *hostname) if (!seen_dnsname) seen_dnsname = Strnew(); + /* replace \0 to make full string visible to user */ + if (sl != strlen(sn)) { + int i; + for (i = 0; i < sl; ++i) { + if (!sn[i]) + sn[i] = '!'; + } + } Strcat_m_charp(seen_dnsname, sn, " ", NULL); - if (ssl_match_cert_ident(sn, sl, hostname)) + if (sl == strlen(sn) /* catch \0 in SAN */ + && ssl_match_cert_ident(sn, sl, hostname)) break; } } @@ -466,16 +475,27 @@ ssl_check_cert_ident(X509 * x, char *hostname) if (match_ident == FALSE && ret == NULL) { X509_NAME *xn; char buf[2048]; + int slen; xn = X509_get_subject_name(x); - if (X509_NAME_get_text_by_NID(xn, NID_commonName, - buf, sizeof(buf)) == -1) + slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)); + if ( slen == -1) /* FIXME: gettextize? */ ret = Strnew_charp("Unable to get common name from peer cert"); - else if (!ssl_match_cert_ident(buf, strlen(buf), hostname)) + else if (slen != strlen(buf) + || !ssl_match_cert_ident(buf, strlen(buf), hostname)) { + /* replace \0 to make full string visible to user */ + if (slen != strlen(buf)) { + int i; + for (i = 0; i < slen; ++i) { + if (!buf[i]) + buf[i] = '!'; + } + } /* FIXME: gettextize? */ ret = Sprintf("Bad cert ident %s from %s", buf, hostname); + } else match_ident = TRUE; } |