]> git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
projects / thirdparty / openvpn.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d048347)
Fix bug that incorrectly refuses oid representation eku's in polar builds
authorSteffan Karger <steffan.karger@fox-it.com>
Fri, 25 Apr 2014 08:41:17 +0000 (10:41 +0200)
committerGert Doering <gert@greenie.muc.de>
Tue, 24 Jun 2014 19:41:56 +0000 (21:41 +0200)
The return value of x509_get_numeric_string() was interpreted incorrectly
by ssl_verify_polarssl.c's x509_verify_cert_eku(). This patch enables the
usage of oid represenation in --remote-cert-eku options.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Message-Id: <1398415277-6880-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8627
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl_verify_polarssl.c patch | blob | blame | history

diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 71d38a9d143a6e0b7740f894f57d2f51b0c580e4..7e8b5179a324e47419a2066fe2ca59b831dac0d3 100644 (file)
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -337,7 +337,7 @@ x509_verify_cert_eku (x509_crt *cert, const char * const expected_oid)
                }
            }
 
-         if (0 == x509_oid_get_numeric_string( oid_num_str,
+         if (0 < x509_oid_get_numeric_string( oid_num_str,
              sizeof (oid_num_str), oid))
            {
              msg (D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s",
Mirror of https://github.com/OpenVPN/openvpn.git