jaiden
/
apk-tools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

libfetch: fix certificate host name check 

OpenSSL allows passing zero-length to indicate "use strlen".
LibreSSL requires using the real length always, so pass the length.
cute-signatures
Timo Teräs 2017-10-06 18:09:37 +03:00
parent eb8f44d629
commit 0d814ba35b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libfetch/common.c
View File

@ -541,7 +541,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
if (getenv("SSL_NO_VERIFY_HOSTNAME") == NULL) { if (getenv("SSL_NO_VERIFY_HOSTNAME") == NULL) {
if (verbose) if (verbose)
fetch_info("Verify hostname"); fetch_info("Verify hostname");
if (X509_check_host(conn->ssl_cert, URL->host, 0, if (X509_check_host(conn->ssl_cert, URL->host, strlen(URL->host),
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,
NULL) != 1) { NULL) != 1) {
fprintf(stderr, "SSL certificate subject doesn't match host %s\n", fprintf(stderr, "SSL certificate subject doesn't match host %s\n",