Fijxu
/
nginx-quic
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SSL: explicit handling of empty names. 

X509_check_host() can't handle non null-terminated names with zero length,
so make sure to fail before calling it.
This commit is contained in:
Maxim Dounin 2014-04-23 20:31:31 +04:00
parent a7f81f83ee
commit e0bf571690
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/event/ngx_event_openssl.c
View File

@ -2504,6 +2504,10 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
/* X509_check_host() is only available in OpenSSL 1.0.2+ */
if (name->len == 0) {
goto failed;
}
if (X509_check_host(cert, name->data, name->len, 0) != 1) {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"X509_check_host(): no match");