[Spice-devel] [common PATCH 1/4 v2] ssl-verify: Only check addr length when using IP addr
Lukas Venhoda
lvenhoda at redhat.com
Thu Oct 8 07:32:55 PDT 2015
Only check for address length when connecting through IP address.
It is not used when connecting through DNS hostname.
---
Changes since v1:
- New patch
- Wasn't moved in v1
---
common/ssl_verify.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index a830800..24c6e2c 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -173,11 +173,6 @@ static int verify_hostname(X509* cert, const char *hostname)
return 0;
}
- // only IpV4 supported
- if (inet_aton(hostname, &addr)) {
- addr_len = sizeof(struct in_addr);
- }
-
/* try matching against:
* 1) a DNS name as an alternative name (subjectAltName) extension
* in the certificate
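Review bot: with the inet_aton() block removed from the top of verify_hostname(), addr and addr_len are no longer written anywhere in these lines, and their declarations are outside the visible context. Please confirm addr_len is still initialised to 0 where it is declared, since that is now the only thing defining its value until the GEN_IPADD branch runs. As both variables are only used in that branch after this change, their declarations could move there as well.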
@@ -211,6 +206,12 @@ static int verify_hostname(X509* cert, const char *hostname)
} else if (name->type == GEN_IPADD) {
int alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
found_dns_name = 1;
+
+ // only IpV4 supported
+ if (inet_aton(hostname, &addr)) {
+ addr_len = sizeof(struct in_addr);
+ }
+
if ((addr_len == alt_ip_len)&&
!memcmp(ASN1_STRING_data(name->d.iPAddress), &addr, addr_len)) {
spice_debug("alt name IP match=%s",
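Review bot: in the added block ahead of the addr_len == alt_ip_len test, a hostname that inet_aton() rejects leaves addr and addr_len untouched, so the comparison then depends entirely on their earlier values. Suggest skipping the memcmp() explicitly when inet_aton() returns 0 rather than relying on a length mismatch. The parse is also repeated every time this branch is reached although hostname does not change, so it could be done once and the result reused. Finally, the subject says the length is checked "when using IP addr", but the condition here is that the certificate entry is of type GEN_IPADD, not that the hostname is an IP address; the commit message should say which one is meant.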
--
2.4.3