Re: SSL cert error
Date: Mon, 21 Jun 2004 12:05:47 +0200
"Daniel Stenberg" <daniel-curl_at_haxx.se> said:
> The assumption that the 'altptr' data is zero terminated (when doing the
> subjectAltName checks). The OpenSSL man page explicitly says: "In general it
> cannot be assumed that the data returned by ASN1_STRING_data() is null
> terminated or does not contain embedded nulls."
Probably to cover their butts or the docs isn't up-to-date. It further says:
... The actual format of the data will depend on the actual string
type itself: for example for and IA5String the data will be ASCII, ..
Not that I've checked in practice cause I didn't find any CERT's with alternate
names. But I checked the 0.9.6 and 0.9.8 sources before my patch and
it always 0-terminates an IA5String. See crypto/x509v3/v3_alt.c which
calls ASN1_STRING_set() that adds a 0-termination:
/* an allowance for strings :-) */
Received on 2004-06-21