Revert db13010a2e8d but add a comment. (see #3870)

X509_NAME_oneline() always NULL-terminates the string, even when it
has to truncate the data to fit in buf.

diff --git a/mutt_ssl.c b/mutt_ssl.c
index 01ab7b8c5c7884478a1f416011c2e266fba541ad..c470afe301929ffbbb90b07628708e5a815f0596 100644 (file)
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -982,10 +982,11 @@ static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
 #ifdef DEBUG
   char buf[STRING];
 
-  buf[STRING - 1] = '\0';
+  /* Note that X509_NAME_online will NULL-terminate buf, even when it
+   * has to truncate the data. */
   dprint (1, (debugfile, "ssl_check_certificate: checking cert %s\n",
               X509_NAME_oneline (X509_get_subject_name (data->cert),
-                                 buf, sizeof (buf) - 1)));
+                                 buf, sizeof (buf))));
 #endif
 
   if ((preauthrc = ssl_check_preauth (data->cert, conn->account.host)) > 0)
@@ -1005,7 +1006,7 @@ static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
 
     dprint (1, (debugfile, "ssl_check_certificate: checking cert chain entry %s\n",
                 X509_NAME_oneline (X509_get_subject_name (cert),
-                                   buf, sizeof (buf) - 1)));
+                                   buf, sizeof (buf))));
 
     /* if the certificate validates or is manually accepted, then add it to
      * the trusted set and recheck the peer certificate */