mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 01:12:40 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: explicit handling of empty names.

Browse Source 
X509_check_host() can't handle non null-terminated names with zero length,
so make sure to fail before calling it.
This commit is contained in:
Maxim Dounin 2014-04-23 20:31:31 +04:00
parent c728709316
commit 6898a634d3
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/event/ngx_event_openssl.c
View File

@ -2504,6 +2504,10 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
/* X509_check_host() is only available in OpenSSL 1.0.2+ */
if (name->len == 0) {
goto failed;
}
if (X509_check_host(cert, name->data, name->len, 0) != 1) {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"X509_check_host(): no match");