author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-10 11:40:43 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-10 15:05:54 +0200 |
commit | df921af2f194af5cd82afff0b3bfe75999dadf2f (patch) | |
tree | 13336fb9a6d7637c93ca09b024049e8b5e960e14 | |
parent | 007fd2f09501eb93d74516576913e627922ef126 (diff) | |
cert cred: add the CN to the list of known hostnames only if no dns_names
That is, follow rfc6125 and support CN as a fallback only.
-rw-r--r-- | lib/gnutls_x509.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index f135640f14..b295a4cb9b 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -322,6 +322,7 @@ static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names) size_t max_size; int i, ret = 0, ret2; char name[MAX_CN]; + unsigned have_dns_name = 0; for (i = 0; !(ret < 0); i++) { max_size = sizeof(name); @@ -330,6 +331,8 @@ static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names) gnutls_x509_crt_get_subject_alt_name(crt, i, name, &max_size, NULL); if (ret == GNUTLS_SAN_DNSNAME) { + have_dns_name = 1; + ret2 = _gnutls_str_array_append(names, name, max_size); @@ -340,15 +343,17 @@ static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names) } } - max_size = sizeof(name); - ret = - gnutls_x509_crt_get_dn_by_oid(crt, OID_X520_COMMON_NAME, 0, 0, - name, &max_size); - if (ret >= 0) { - ret = _gnutls_str_array_append(names, name, max_size); - if (ret < 0) { - _gnutls_str_array_clear(names); - return gnutls_assert_val(ret); + if (have_dns_name == 0) { + max_size = sizeof(name); + ret = + gnutls_x509_crt_get_dn_by_oid(crt, OID_X520_COMMON_NAME, 0, 0, + name, &max_size); + if (ret >= 0) { + ret = _gnutls_str_array_append(names, name, max_size); + if (ret < 0) { + _gnutls_str_array_clear(names); + return gnutls_assert_val(ret); + } } } |
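Review bot: `have_dns_name` only reflects the SAN entries the loop actually reaches, and the loop in the second hunk (`for (i = 0; !(ret < 0); i++)`) stops on any negative return from `gnutls_x509_crt_get_subject_alt_name`, not only when the SAN list is exhausted. If an entry does not fit in `name[MAX_CN]`, the call presumably fails with a short-buffer error, so a certificate whose dNSName entries are oversized or come after such an entry would still reach the third hunk with `have_dns_name == 0` and get its CN registered as a hostname. Consider checking the terminating code after the loop and skipping the fallback when it is anything else, e.g. `if (have_dns_name == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {`. The body of get_x509_name starts and ends outside these hunks, so the rest of the loop is not visible here.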
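Review bot: The new `if (have_dns_name == 0)` guard in the third hunk has no comment, so the reason for skipping the CN lives only in the commit message. I would add `/* RFC 6125: the CN is a fallback, used only when the certificate carries no dNSName SAN */` directly above it. As a point of style, the flag is used purely as a boolean, so `if (!have_dns_name)` would read more directly than the comparison with 0. The function continues past the end of this hunk.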