From 77a13d5625890d6a0dc3ec312b9d237e61791033 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz <benedikt.peetz@b-peetz.de>
Date: Sat, 1 Mar 2025 18:20:35 +0100
Subject: [PATCH] fix(socket.c): Correctly check the common name, even if not
set (only SAN)
---
socket.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/socket.c b/socket.c
index 42b8f1a5..c81bca63 100644
--- a/socket.c
+++ b/socket.c
@@ -728,7 +728,6 @@ static int SSL_verify_callback(int ok_return, X509_STORE_CTX *ctx, const int str
_depth0ck = 1;
}
- if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) != -1) {
if (_ssl_server_cname != NULL) {
char *p1 = buf;
char *p2 = _ssl_server_cname;
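Review bot: Dropping the `X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))` call removes the only write to `buf` visible in this patch, yet `char *p1 = buf;` still reads it, so any later comparison of `p1` against `_ssl_server_cname` may run on stale or uninitialised bytes. In a certificate verification callback that makes the match result unpredictable. If the goal is to accept SAN-only certificates, keep the lookup and treat -1 as "no CN", e.g. `if (X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf)) == -1) buf[0] = '\0';`, and skip the CN fallback when `buf` is empty. The removed line was also the only visible assignment to `i`. SSL_verify_callback starts and continues outside the hunk, so whether `buf` is initialised elsewhere needs confirming.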
@@ -779,14 +778,6 @@ static int SSL_verify_callback(int ok_return, X509_STORE_CTX *ctx, const int str
report(stderr, GT_("Server name not set, could not verify certificate!\n"));
if (strict) return (0);
}
- } else {
- if (outlevel >= O_VERBOSE)
- report(stdout, GT_("Unknown Server CommonName\n"));
- if (ok_return && strict) {
- report(stderr, GT_("Server name not specified in certificate!\n"));
- return (0);
- }
- }
/* Print the finger print. Note that on errors, we might print it more than once
* normally; we kluge around that by using a global variable. */
if (_check_fp == 1) {
--
2.47.2