author | David Benjamin <davidben@chromium.org> | 2015-09-19 20:50:27 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-09-24 02:59:43 +0300 |
commit | b50c91b5df61ec2f49891001999b4e5f49165453 (patch) | |
tree | 167216c30c3dfe164ff13cf1348a1377d64aec31 /crypto | |
parent | 5e4158fe12a37463d969479f40e58441d1431864 (diff) |
Cleaner handling of "cnid" in do_x509_check
Avoid using cnid = 0, use NID_undef instead, and return early instead of
trying to find an instance of that in the subject DN.
(Imported from upstream's 40d5689458593aeca0d1a7f3591f7ccb48e459ac.)
Change-Id: I1bdf6bf7a4b1f4774a8dbec7e5df421b3a27c7e4
Reviewed-on: https://boringssl-review.googlesource.com/5947
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509v3/v3_utl.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index aa65c798..6bcb6dab 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -899,7 +899,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
 X509_NAME *name = NULL;
 size_t i;
 int j;
- int cnid;
+ int cnid = NID_undef;
 int alt_type;
 int san_present = 0;
 int rv = 0;
@@ -927,7 +927,6 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
 }
 else
 {
- cnid = 0;
 alt_type = V_ASN1_OCTET_STRING;
 equal = equal_case;
 }
@@ -957,11 +956,16 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
 GENERAL_NAMES_free(gens);
 if (rv != 0)
 return rv;
- if (!cnid
+ if (cnid == NID_undef
 || (san_present
 && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
 return 0;
 }
+
+ /* We're done if CN-ID is not pertinent */
+ if (cnid == NID_undef)
+ return 0;
+
 j = -1;
 name = X509_get_subject_name(x);
 while((j = X509_NAME_get_index_by_NID(name, cnid, j)) >= 0) |
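Review bot: In the last hunk (`@@ -957,11 +956,16 @@`), the `cnid == NID_undef ||` term in the `if` after `GENERAL_NAMES_free(gens)` is now redundant, because the check added after the closing brace returns 0 for the same condition. The inner test could be reduced to `if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))`, leaving a single place that decides the no-CN-ID case. The new comment would also help more if it stated the invariant being protected, for example `/* No CN-ID for this check type: never fall back to searching the subject DN. */`, since that fallback decides whether a name in the subject can satisfy the check. do_x509_check starts before this hunk and continues past it, so the branches that assign cnid are only partly visible here.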