(ITS#5361) cert verification failures with GnuTLS and DNS subjectAltName
hyc at symas.com
Sat Feb 16 21:25:34 CET 2008
Nikos Mavrogiannopoulos wrote:
> On Friday 15 February 2008, Howard Chu wrote:
>>> Anyway, does the attached
>>> patch solve your problem?
>> Not really. It still returns a size one byte larger than expected for the
>> strings. Even in languages where NUL-terminated strings are the norm, the
>> terminating byte is not included in the length.
>> The point is, we expect this API to return exactly the data that was in the
>> certificate. If the caller wants to treat the data as a string, they can
>> NUL-terminate it themselves. The manpage only says that the data will be
>> returned, it does not say that it will be altered in any way.
> Actually you are right. The return value shouldn't be increased (this also
> happens in the other similar functions). I've corrected the patch and
> commited at:
Thanks. That looks ok to me.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the Gnutls-devel