author | Felix Fietkau <nbd@openwrt.org> | 2014-04-03 16:57:38 +0200 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2014-04-03 16:57:38 +0200 |
commit | 33853d63aa9d308fc7b0dee1ddbd312bc99e4bed (patch) | |
tree | 5cc56838dba5cc7a0b33e41d8efd2cc772bfb000 | |
parent | 67aeda4a4207f6ae0bc2efad93f25fd4bc74acb6 (diff) | |
download | ustream-ssl-33853d63aa9d308fc7b0dee1ddbd312bc99e4bed.tar.gz |
openssl: fix subjectAltNames leak
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
-rw-r--r-- | ustream-openssl.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 787cc38..3abc6e2 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -160,6 +160,7 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
 {
 GENERAL_NAMES *alt_names;
 int i, n_alt;
+ bool ret = false;
 alt_names = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
 if (!alt_names)
@@ -175,11 +176,14 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
 if (name->type != GEN_DNS)
 continue;
- if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn))
- return true;
+ if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn)) {
+ ret = true;
+ break;
+ }
 }
- return false;
+ sk_GENERAL_NAME_free(alt_names);
+ return ret;
 }
 static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert) |
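Review bot: `sk_GENERAL_NAME_free(alt_names);` at the end of the second hunk releases only the stack container, not the GENERAL_NAME entries that `X509_get_ext_d2i()` allocated, so every certificate that carries a subjectAltName extension still leaks its entries. The peer chooses the certificate and how many names it holds, so a long-running process that performs many handshakes keeps growing. Free the whole structure with `GENERAL_NAMES_free(alt_names);` (equivalently `sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);`). The single-exit `ret`/`break` shape added here already routes every path after the NULL check through that one call. The loop head between the two hunks is not shown, so this assumes nothing there returns early.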