struct X509_VERIFY_PARAM_ID_st
{
unsigned char *host; /* If not NULL hostname to match */
- size_t hostlen;
unsigned int hostflags; /* Flags to control matching features */
unsigned char *email; /* If not NULL email address to match */
size_t emaillen;
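Review bot: With `hostlen` removed, the comment on `host` no longer says enough, because the stored name is now implicitly a NUL-terminated C string. The later call sites that pass `0` as the length (the `X509_check_host` call in the verify path and the `X509_VERIFY_PARAM_set1_host` call in the copy path) depend on that. I would state the invariant on the field, e.g. `unsigned char *host; /* If not NULL, NUL-terminated hostname to match; no embedded NULs */`. The struct continues past the end of this hunk.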
X509_VERIFY_PARAM *vpm = ctx->param;
X509_VERIFY_PARAM_ID *id = vpm->id;
X509 *x = ctx->cert;
- if (id->host && !X509_check_host(x, id->host, id->hostlen,
- id->hostflags))
+ if (id->host && !X509_check_host(x, id->host, 0, id->hostflags))
{
if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
return 0;
{
OPENSSL_free(paramid->host);
paramid->host = NULL;
- paramid->hostlen = 0;
}
if (paramid->email)
{
if (test_x509_verify_param_copy_id(host, NULL))
{
- if (!X509_VERIFY_PARAM_set1_host(dest, id->host, id->hostlen))
+ if (!X509_VERIFY_PARAM_set1_host(dest, id->host, 0))
return 0;
dest->id->hostflags = id->hostflags;
}
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen)
{
- return int_x509_param_set1(¶m->id->host, ¶m->id->hostlen,
- name, namelen);
+ return int_x509_param_set1(¶m->id->host, NULL, name, namelen);
}
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
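Review bot: `namelen` is still accepted by `X509_VERIFY_PARAM_set1_host` but the stored length is now discarded, so a name passed with an explicit length that covers an embedded NUL would be measured with strlen() at verify time and matched as the shorter prefix, not as the name the application supplied. `int_x509_param_set1` is not visible in this hunk. Unless it already rejects embedded NULs and NUL-terminates its copy, a guard such as `if (name && namelen && memchr(name, '\0', namelen)) return 0;` before the call would keep the stored value and the checked value identical. It is also worth confirming that the helper tolerates the `NULL` length pointer now passed as its second argument.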
return param->name;
}
-static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0};
+static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0};
#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags)
{
+ if (chklen == 0)
+ chklen = chk ? strlen((char *)chk) : 0;
+ else if (chk && memchr(chk, '\0', chklen))
+ return 0;
return do_x509_check(x, chk, chklen, flags, GEN_DNS);
}
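Review bot: The added `chklen == 0` branch overloads zero: "measure with strlen()" and "empty or NULL reference name" are now the same input, and both reach `do_x509_check` with a zero length, whose handling is not visible here. If an empty reference identity should never match, fail closed inside that branch, e.g. `if (chk == NULL || *chk == '\0') return 0;`. The embedded-NUL rejection also returns 0 for a caller whose `chklen` includes the terminating NUL, which is indistinguishable from a mismatch. The convention therefore deserves a comment above the function: `/* chklen == 0 means chk is NUL-terminated; a non-zero chklen must not cover any NUL byte */`. The cast in the strlen() call can keep the qualifier: `(const char *)chk`.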