Skip to content
Commit 0923e7df authored by Emilia Kasper's avatar Emilia Kasper
Browse files

Fix hostname validation in the command-line tool to honour negative return values.



Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent efb45973
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment