From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 1 Aug 2009 22:18:37 +0000 (+0000)
Subject: clarify the description of the null byte in cert name fix
X-Git-Tag: curl-7_19_6~29
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aabf62e7d273d95426c2f2ce05813f9f6e470114;p=curl

clarify the description of the null byte in cert name fix
---

diff --git a/CHANGES b/CHANGES
index a69c714ba..2f0b74015 100644
--- a/CHANGES
+++ b/CHANGES
@@ -27,8 +27,10 @@ Daniel Stenberg (1 Aug 2009)
   if the name in the cert was "example.com\0theatualsite.com", libcurl would
   happily verify that cert for example.com.
 
-  libcurl now better use the length of the extracted name, not assuming it is
-  zero terminated.
+  libcurl now better uses the length of the extracted name, not using the zero
+  termination for getting the string length.
+
+  This fixing only made and needed in OpenSSL interfacing code.
 
 - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
   only in some OpenSSL installs - like on Windows) isn't thread-safe and we