From ed8edcac2da6f1dbedaaf2c79f40efdcd9023b99 Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Thu, 9 Feb 2012 11:46:23 +0100 Subject: [PATCH] Create common name only if there's a subject Otherwise OpenSSL returns the common name from the issuer cert --- src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c index cbe61adf33c..309ca030fe2 100644 --- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c +++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c @@ -634,12 +634,12 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx) } /* - * Get the Common Name + * Get the Common Name, if there is a subject. */ X509_NAME_get_text_by_NID(X509_get_subject_name(client_cert), NID_commonName, common_name, sizeof(common_name)); common_name[sizeof(common_name) - 1] = '\0'; - if ((lookup <= 1) && common_name[0] && (strlen(common_name) < MAX_STRING_LEN)) { + if ((lookup <= 1) && common_name[0] && subject[0] && (strlen(common_name) < MAX_STRING_LEN)) { pairadd(&handler->certs, pairmake(cert_attr_names[EAPTLS_CN][lookup], common_name, T_OP_SET)); } -- 2.47.3