X509_NAME_ENTRY *ne;
ASN1_OBJECT *obj;
ASN1_STRING *cn = NULL;
+ char *cnstr;
+ int cnlen;
int navas;
/* find the last CN */
}
ld->ld_error = LDAP_STRDUP(
_("TLS: unable to get CN from peer certificate"));
+ } else {
+ cnlen = ASN1_STRING_length( cn );
+ cnstr = (char *)ASN1_STRING_get0_data( cn );
+ if ( cnlen == nlen &&
+ strncasecmp( name, (char *) cnstr, nlen ) == 0 ) {
+ ret = LDAP_SUCCESS;
- } else if ( cn->length == nlen &&
- strncasecmp( name, (char *) cn->data, nlen ) == 0 ) {
- ret = LDAP_SUCCESS;
-
- } else if (( cn->data[0] == '*' ) && ( cn->data[1] == '.' )) {
- char *domain = strchr(name, '.');
- if( domain ) {
- int dlen;
+ } else if (( cnstr[0] == '*' ) && ( cnstr[1] == '.' )) {
+ char *domain = strchr(name, '.');
+ if( domain ) {
+ int dlen;
- dlen = nlen - (domain-name);
+ dlen = nlen - (domain-name);
- /* Is this a wildcard match? */
- if ((dlen == cn->length-1) &&
- !strncasecmp(domain, (char *) &cn->data[1], dlen)) {
- ret = LDAP_SUCCESS;
+ /* Is this a wildcard match? */
+ if ((dlen == cnlen-1) &&
+ !strncasecmp(domain, cnstr+1, dlen)) {
+ ret = LDAP_SUCCESS;
+ }
}
}
}
if( ret == LDAP_LOCAL_ERROR ) {
Debug3( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
"common name in certificate (%.*s).\n",
- name, cn->length, cn->data );
+ name, cnlen, cnstr );
ret = LDAP_CONNECT_ERROR;
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
projects / thirdparty / openldap.git / commitdiff
