(ITS#5361) cert verification failures with GnuTLS and DNS subjectAltName
Howard Chu
hyc at symas.com
Sat Feb 16 21:25:34 CET 2008
Nikos Mavrogiannopoulos wrote:
> On Friday 15 February 2008, Howard Chu wrote:
>
>>> Anyway, does the attached
>>> patch solve your problem?
>> Not really. It still returns a size one byte larger than expected for the
>> strings. Even in languages where NUL-terminated strings are the norm, the
>> terminating byte is not included in the length.
>>
>> The point is, we expect this API to return exactly the data that was in the
>> certificate. If the caller wants to treat the data as a string, they can
>> NUL-terminate it themselves. The manpage only says that the data will be
>> returned, it does not say that it will be altered in any way.
>
> Actually you are right. The return value shouldn't be increased (this also
> happens in the other similar functions). I've corrected the patch and
> committed at:
>
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=4cc3c6b6ed00660e55559bab148021fc077da21f
Thanks. That looks ok to me.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
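
The mismatch discussed in this thread, as an added example that is not code from GnuTLS or OpenLDAP: `get_dns_san` is a hypothetical stand-in for a subjectAltName getter and the host name is a constructed sample. It shows why a caller's length-exact host name comparison fails when the returned size also counts the terminating NUL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for a SAN getter (not a GnuTLS function).
 * Copies a constructed dNSName into buf and NUL-terminates it.
 * count_nul = 1 mimics the behaviour reported in the thread, where the
 * returned size is one byte larger than the data in the certificate. */
static int get_dns_san(char *buf, size_t *size, int count_nul)
{
    static const char san[] = "ldap.example.com"; /* constructed sample */
    size_t n = sizeof(san) - 1;                   /* bytes in the certificate */

    if (*size < n + 1) { *size = n + 1; return -1; }
    memcpy(buf, san, n);
    buf[n] = '\0';
    *size = count_nul ? n + 1 : n;
    return 0;
}

/* Caller-side check: the SAN is treated as counted bytes, not a C string. */
static int san_matches(const char *host, const char *san, size_t san_len)
{
    /* A NUL inside the counted bytes means this is not a plain DNS name. */
    if (memchr(san, '\0', san_len) != NULL)
        return 0;
    return strlen(host) == san_len && strncasecmp(host, san, san_len) == 0;
}

/* Returns 1 if host matches the SAN, 0 otherwise. */
int check_host(const char *host, int count_nul)
{
    char buf[256];
    size_t len = sizeof(buf);

    if (get_dns_san(buf, &len, count_nul) != 0)
        return 0;
    return san_matches(host, buf, len);
}

int main(void)
{
    printf("exact size:    %d\n", check_host("ldap.example.com", 0));
    printf("size plus NUL: %d\n", check_host("ldap.example.com", 1));
    return 0;
}
```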
More information about the Gnutls-devel
mailing list