author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-10 11:40:43 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-10 11:42:30 +0200 |
commit | 33bb8877f9213df23668eb21c4ebec5b1f5c77a6 (patch) | |
tree | 18d761ee985d918b98d8fcc819afa80902c10287 | |
parent | e5a6b244859aa0f876e8a7be8b173999819ad8fe (diff) | |
download | gnutls-33bb8877f9213df23668eb21c4ebec5b1f5c77a6.tar.gz |
cert cred: add the CN to the list of known hostnames only if no dns_names
That is, follow rfc6125 and support CN as a fallback only.
-rw-r--r-- | lib/x509.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/lib/x509.c b/lib/x509.c index 6d4890feba..3d46caecff 100644 --- a/lib/x509.c +++ b/lib/x509.c @@ -322,6 +322,7 @@ static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names) size_t max_size; int i, ret = 0, ret2; char name[MAX_CN]; + unsigned have_dns_name = 0; for (i = 0; !(ret < 0); i++) { max_size = sizeof(name); @@ -330,6 +331,8 @@ static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names) gnutls_x509_crt_get_subject_alt_name(crt, i, name, &max_size, NULL); if (ret == GNUTLS_SAN_DNSNAME) { + have_dns_name = 1; + ret2 = _gnutls_str_array_append(names, name, max_size); @@ -340,15 +343,17 @@ static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names) } } - max_size = sizeof(name); - ret = - gnutls_x509_crt_get_dn_by_oid(crt, OID_X520_COMMON_NAME, 0, 0, - name, &max_size); - if (ret >= 0) { - ret = _gnutls_str_array_append(names, name, max_size); - if (ret < 0) { - _gnutls_str_array_clear(names); - return gnutls_assert_val(ret); + if (have_dns_name == 0) { + max_size = sizeof(name); + ret = + gnutls_x509_crt_get_dn_by_oid(crt, OID_X520_COMMON_NAME, 0, 0, + name, &max_size); + if (ret >= 0) { + ret = _gnutls_str_array_append(names, name, max_size); + if (ret < 0) { + _gnutls_str_array_clear(names); + return gnutls_assert_val(ret); + } } } |
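Review bot: In the second hunk, `have_dns_name` is set only for dNSName entries the loop actually reaches, and the loop header `for (i = 0; !(ret < 0); i++)` stops on any negative return from `gnutls_x509_crt_get_subject_alt_name`, not only at the end of the list. If an earlier SAN entry fails, for example with `GNUTLS_E_SHORT_MEMORY_BUFFER` because it does not fit in `name[MAX_CN]`, later dNSName entries are never seen, and the CN fallback in the third hunk would still fire for a certificate that does carry DNS names. One option is to check the loop's exit code before the fallback: `if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { _gnutls_str_array_clear(names); return gnutls_assert_val(ret); }`. The lines between this hunk and the next are not shown, so existing handling there may already cover part of this.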
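Review bot: The new `if (have_dns_name == 0)` guard in the third hunk carries the whole policy of this commit but has no comment, so the rationale lives only in the commit message. Add a comment above it such as `/* RFC 6125: the CN is only a fallback; skip it when the certificate has a dNSName SAN */`. It is also worth noting in a comment on `get_x509_name` that `names` now omits the CN for certificates with DNS SANs, since whatever matches hostnames against this list (presumably certificate selection) sees a behaviour change for certificates whose CN is not repeated in the SAN. The function body continues past the end of the hunk.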