FreeBSD Bugzilla – Attachment 191514 Details for
Bug 226621
mail/cclient: hostname verification broken
updated version of the patch
patch-src_osdep_unix_ssl__unix.c (text/plain), 1.90 KB, created by
satanist+freebsd
on 2018-03-15 07:21:57 UTC
Description:
updated version of the patch
Filename:
MIME Type:
Creator:
satanist+freebsd
Created:
2018-03-15 07:21:57 UTC
Size:
1.90 KB
>--- src/osdep/unix/ssl_unix.c.orig 2011-07-23 02:20:10.000000000 +0200
>+++ src/osdep/unix/ssl_unix.c 2018-03-12 00:03:36.550613000 +0100
>@@ -210,7 +210,7 @@ static char *ssl_start_work (SSLSTREAM *
> BIO *bio;
> X509 *cert;
> unsigned long sl,tl;
>- char *s,*t,*err,tmp[MAILTMPLEN];
>+ char *s,*t,*err,tmp[MAILTMPLEN], hostname[MAILTMPLEN];
> sslcertificatequery_t scq =
> (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
> sslclientcert_t scc =
>@@ -270,9 +270,9 @@ static char *ssl_start_work (SSLSTREAM *
> (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
> host))) {
> /* application callback */
>- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
>+ if (scq) return (*scq) (err,host,cert ? X509_NAME_oneline (X509_get_subject_name(cert), NULL, 0) : "???") ? NIL : "";
> /* error message to return via mm_log() */
>- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
>+ sprintf (tmp,"*%.128s: %.255s",err,cert ? X509_NAME_oneline (X509_get_subject_name(cert), hostname, MAILTMPLEN) : "???");
> return ssl_last_error = cpystr (tmp);
> }
> return NIL;
>@@ -316,15 +316,15 @@ static int ssl_open_verify (int ok,X509_
> static char *ssl_validate_cert (X509 *cert,char *host)
> {
> int i,n;
>- char *s,*t,*ret;
>+ char *s,*t,*ret, hostname[MAILTMPLEN];
> void *ext;
> GENERAL_NAME *name;
> /* make sure have a certificate */
> if (!cert) ret = "No certificate from server";
> /* and that it has a name */
>- else if (!cert->name) ret = "No name in certificate";
>+ else if (!X509_NAME_oneline(X509_get_subject_name(cert), hostname, MAILTMPLEN)) ret = "No name in certificate";
> /* locate CN */
>- else if (s = strstr (cert->name,"/CN=")) {
>+ else if (s = strstr (hostname,"/CN=")) {
> if (t = strchr (s += 4,'/')) *t = '\0';
> /* host name matches pattern? */
> ret = ssl_compare_hostnames (host,s) ? NIL :
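Review bot: In the second hunk (ssl_start_work, the `if (scq)` callback line), `X509_NAME_oneline (..., NULL, 0)` returns a buffer that OpenSSL allocates and that the caller must release with `OPENSSL_free`; nothing here frees it, so every failed validation that reaches the callback leaks the subject string. The `hostname` buffer declared in the first hunk is already in scope, so the subject can be formatted once at the top of the block and reused for both the callback and the `sprintf`, for example `char *subj = cert ? X509_NAME_oneline (X509_get_subject_name (cert),hostname,MAILTMPLEN) : "???";`. That buffer holds the certificate subject rather than a host name, so a name such as `subject` would describe it better. ssl_start_work begins and ends outside the hunk.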
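Review bot: In the third hunk (ssl_validate_cert), the name to verify is still taken from the first `/CN=` substring of the `X509_NAME_oneline` display text, which is a fragile basis for a trust decision. The one-line form does not keep attribute values apart from attribute names, so a `/CN=` sequence inside another subject attribute can be matched before the real common name, and a subject longer than `MAILTMPLEN` is silently truncated. Delegating the comparison to `X509_check_host` where the OpenSSL version provides it, or at least reading the attribute with `X509_NAME_get_text_by_NID (X509_get_subject_name (cert),NID_commonName,hostname,MAILTMPLEN)` and rejecting a result whose returned length differs from `strlen (hostname)`, avoids parsing the display string. The new `!X509_NAME_oneline (...)` test also looks weaker than the `!cert->name` check it replaces, since with a caller-supplied buffer the call presumably returns that buffer in nearly all cases; please confirm that "No name in certificate" is still reachable. The function body continues past the end of the hunk.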