CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2024/11/12 15:50:06
Modified files:
lib/libtls : tls_verify.c
Log message:
The subject of a certificate is not optional
A certificate must have a subject, so X509_get_subject_name() cannot
return NULL on a correctly parsed certificate, even if the subject is
empty (which is allowed). So if X509_get_subject_name() returns NULL,
error instead of silently ignoring it in tls_check_common_name().
This is currently no issue. Where it matters, the match against the
common name will fail later, so we fail closed anyway.
ok jsing
