| author | Steven Fackler <[email protected]> | 2016-10-31 22:43:05 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-10-31 22:43:05 -0700 |
| commit | dc4098bdd83e23703b2490741ee7461caea83375 (patch) | |
| tree | e0f1fd86bd2fc67e51fe744b09762f89f04d46e3 /openssl/src/ssl | |
| parent | Merge pull request #507 from sfackler/ref (diff) | |
Clean up x509 name entries
Diffstat (limited to 'openssl/src/ssl')
| -rw-r--r-- | openssl/src/ssl/connector.rs | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index a1bcfa77..5520e578 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -253,6 +253,7 @@ fn setup_verify(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
 #[cfg(not(any(ossl102, ossl110)))]
 mod verify {
 use std::net::IpAddr;
+ use std::str;
 use nid;
 use x509::{X509StoreContext, X509, GeneralNames, X509Name};
@@ -305,7 +306,12 @@ mod verify {
 }
 fn verify_subject_name(domain: &str, subject_name: &Ref<X509Name>) -> bool {
- if let Some(pattern) = subject_name.text_by_nid(nid::COMMONNAME) {
+ if let Some(pattern) = subject_name.entries_by_nid(nid::COMMONNAME).next() {
+ let pattern = match str::from_utf8(pattern.data().as_slice()) {
+ Ok(pattern) => pattern,
+ Err(_) => return false,
+ };
+
 // Unlike with SANs, IP addresses in the subject name don't have a
 // different encoding. We need to pass this down to matches_dns to
 // disallow wildcard matches with bogus patterns like *.0.0.1 |
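Review bot: In `verify_subject_name`, the new `str::from_utf8(pattern.data().as_slice())` decodes the raw bytes of the commonName entry without looking at its ASN.1 string type, so a CN encoded as BMPString or TeletexString is either rejected or compared as a different string than the certificate intended. Both outcomes look like they fail closed, but that depends on `matches_dns`, which is outside this hunk. It would be safer to convert through OpenSSL's `ASN1_STRING_to_UTF8` if the bindings expose it, or at least to state the assumption above the `match`: `// Assumes the CN bytes are UTF-8 compatible (UTF8String, PrintableString, IA5String); other ASN.1 string types are not converted.` Only the first entry returned by `entries_by_nid(nid::COMMONNAME)` is checked, which deserves a word in the same comment. The function body continues past the end of the hunk.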