From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 9 Feb 2012 10:46:23 +0000 (+0100)
Subject: Create common name only if there's a subject
X-Git-Tag: release_2_2_0~175
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed8edcac2da6f1dbedaaf2c79f40efdcd9023b99;p=thirdparty%2Ffreeradius-server.git

Create common name only if there's a subject

Otherwise OpenSSL returns the common name from the issuer cert
---

diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
index cbe61adf33c..309ca030fe2 100644
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -634,12 +634,12 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 	}
 
 	/*
-	 *	Get the Common Name
+	 *	Get the Common Name, if there is a subject.
 	 */
 	X509_NAME_get_text_by_NID(X509_get_subject_name(client_cert),
 				  NID_commonName, common_name, sizeof(common_name));
 	common_name[sizeof(common_name) - 1] = '\0';
-	if ((lookup <= 1) && common_name[0] && (strlen(common_name) < MAX_STRING_LEN)) {
+	if ((lookup <= 1) && common_name[0] && subject[0] && (strlen(common_name) < MAX_STRING_LEN)) {
 		pairadd(&handler->certs,
 			pairmake(cert_attr_names[EAPTLS_CN][lookup], common_name, T_OP_SET));
 	}