lib-ssl-iostream: Return NULL from ssl_iostream_get_peer_name when name not available
authorAki Tuomi <aki.tuomi@open-xchange.com>
Thu, 22 Dec 2022 18:57:30 +0000 (20:57 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 23 Dec 2022 10:02:55 +0000 (12:02 +0200)
Broken in 59d268145378a7368f373b711cb53b3e48512659

src/lib-ssl-iostream/iostream-openssl.c
src/lib-ssl-iostream/iostream-ssl.h

index c0f52e6a9c5641d7681a2bbed2e3545c3a533683..60b78241f62725b693f3640c33fbfc415b5f4909 100644 (file)
@@ -813,22 +813,22 @@ openssl_iostream_get_peer_name(struct ssl_iostream *ssl_io)
        len = X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
                                        ssl_io->username_nid, NULL, 0);
        if (len < 0)
-               name = "";
+               name = NULL;
        else {
                name = t_malloc0(len + 1);
                if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
                                              ssl_io->username_nid,
                                              name, len + 1) < 0)
-                       name = "";
+                       name = NULL;
                else if (strlen(name) != (size_t)len) {
                        /* NUL characters in name. Someone's trying to fake
                           being another user? Don't allow it. */
-                       name = "";
+                       name = NULL;
                }
        }
        X509_free(x509);
 
-       return *name == '\0' ? NULL : name;
+       return name;
 }
 
 static const char *openssl_iostream_get_server_name(struct ssl_iostream *ssl_io)
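Review bot: An attribute that is present but empty now comes back as `""` instead of NULL, because the removed `return *name == '\0' ? NULL : name;` was the only place a zero-length name was filtered out. With `len == 0` the `else` branch allocates one byte, the second X509_NAME_get_text_by_NID call returns 0, the strlen comparison passes, and the empty string is returned. Callers that only test for NULL would then presumably treat an empty username as available, which contradicts the commit's stated intent. Changing the first test to `if (len <= 0)` keeps the old contract. The start of openssl_iostream_get_peer_name lies outside this hunk, so any earlier handling of this case is not visible here.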
index 6eac7e84120781cd88a417875e6bdbbfeb09d987..3b4864ae9243ecfee9da651be93c5bc9ce02a587 100644 (file)
@@ -122,6 +122,8 @@ int ssl_iostream_check_cert_validity(struct ssl_iostream *ssl_io,
    will always return FALSE before even checking the hostname. */
 bool ssl_iostream_cert_match_name(struct ssl_iostream *ssl_io, const char *name,
                                  const char **reason_r);
+/* Returns name of the peer if available, NULL if not. Usually used to retrieve
+   username from certificate. */
 const char *ssl_iostream_get_peer_name(struct ssl_iostream *ssl_io);
 const char *ssl_iostream_get_compression(struct ssl_iostream *ssl_io);
 const char *ssl_iostream_get_server_name(struct ssl_iostream *ssl_io);
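Review bot: The new comment on ssl_iostream_get_peer_name does not say how long the returned string lives or how far it can be trusted. The OpenSSL implementation allocates it with t_malloc0, which looks like a data-stack allocation, so callers that keep the name would need to copy it. As far as these hunks show, the name is read from the peer certificate's subject without any check that the certificate was validated. Suggested wording: `/* Returns name of the peer if available, NULL if not. The string is allocated from the data stack. Only trust it as a username after the certificate has been validated. */`.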