Fix hostname validation in the command-line tool to honour negative return values. (0923e7df) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 0923e7df authored Feb 05, 2015 by

Emilia Kasper

Fix hostname validation in the command-line tool to honour negative return values.



Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>

parent efb45973

Hide whitespace changes

Inline Side-by-side

Please register or to comment