diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2014-06-22 01:35:44 -0400 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2014-06-22 19:52:44 -0400 |
| commit | b3012c698a086937319ed413a113ed7bec1edd1a (patch) | |
| tree | 43c6b0cee80d85c961d12d940b763fdbe5ac93e7 /crypto/x509 | |
| parent | d241b804099ce28c053ba988eb5532b1a32dd51e (diff) | |
| download | openssl-b3012c698a086937319ed413a113ed7bec1edd1a.tar.gz | |
Drop hostlen from X509_VERIFY_PARAM_ID.
Just store NUL-terminated strings. This works better when we add
support for multiple hostnames.
Diffstat (limited to 'crypto/x509')
| -rw-r--r-- | crypto/x509/x509_lcl.h | 1 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.c | 3 | ||||
| -rw-r--r-- | crypto/x509/x509_vpm.c | 8 |
3 files changed, 4 insertions, 8 deletions
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h index f994cb9c27..a71af342dc 100644 --- a/crypto/x509/x509_lcl.h +++ b/crypto/x509/x509_lcl.h @@ -61,7 +61,6 @@ struct X509_VERIFY_PARAM_ID_st { unsigned char *host; /* If not NULL hostname to match */ - size_t hostlen; unsigned int hostflags; /* Flags to control matching features */ unsigned char *email; /* If not NULL email address to match */ size_t emaillen; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 30fc974a20..b6d4989e4b 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -748,8 +748,7 @@ static int check_id(X509_STORE_CTX *ctx) X509_VERIFY_PARAM *vpm = ctx->param; X509_VERIFY_PARAM_ID *id = vpm->id; X509 *x = ctx->cert; - if (id->host && !X509_check_host(x, id->host, id->hostlen, - id->hostflags)) + if (id->host && !X509_check_host(x, id->host, 0, id->hostflags)) { if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) return 0; diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 3bedf7850c..d7cc231d58 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -91,7 +91,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { OPENSSL_free(paramid->host); paramid->host = NULL; - paramid->hostlen = 0; } if (paramid->email) { @@ -237,7 +236,7 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, if (test_x509_verify_param_copy_id(host, NULL)) { - if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen)) + if (!X509_VERIFY_PARAM_set1_host(dest, id->host, 0)) return 0; dest->id->hostflags = id->hostflags; } @@ -399,8 +398,7 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const unsigned char *name, size_t namelen) { - return int_x509_param_set1(¶m->id->host, ¶m->id->hostlen, - name, namelen); + return int_x509_param_set1(¶m->id->host, NULL, name, namelen); } void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, @@ -444,7 +442,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) return param->name; } -static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0}; +static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0}; #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id |