]> granicus.if.org Git - openssl/commit
projects / openssl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0982eca) | patch
Better invalid SNI name error handling
authorViktor Dukhovni <openssl-users@dukhovni.org>
Sat, 16 Jan 2016 18:25:17 +0000 (13:25 -0500)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Sat, 16 Jan 2016 22:15:42 +0000 (17:15 -0500)
commit8d887efa2ebd8ceff261514efbd6460c262172b3
treeb7fe17c640ca22b62577805ad943f8e9e81e2fe2tree | snapshot
parent0982ecaaee78a106c5db440317b0a8a9c0022bedcommit | diff
Better invalid SNI name error handling

Also report an SSL_dane_enable error when the basedomain is an
invalid SNI name.  Avoid side-effects when such a name is valid
with X509_VERIFY_PARAM_set1_host(), as e.g. with an empty name, by
setting the SNI name first.

Reviewed-by: Rich Salz <rsalz@openssl.org>
ssl/ssl_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.