diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2023-05-28 09:06:35 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2023-05-28 09:06:35 +0000 |
| commit | 0556cac25103ec24fa9cc396eb3a1fdc739a4b03 (patch) | |
| tree | 8d812ac327ca12f6912160554687fbd3c9f5a41d | |
| parent | f1e545a20f37b3d886115e9b4bfcfa96341e9d11 (diff) | |
correct comment, spotted by tb@
| -rw-r--r-- | lib/libtls/tls_verify.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/libtls/tls_verify.c b/lib/libtls/tls_verify.c index 420e278c996..acc034d9c13 100644 --- a/lib/libtls/tls_verify.c +++ b/lib/libtls/tls_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_verify.c,v 1.24 2023/05/28 09:02:01 beck Exp $ */ +/* $OpenBSD: tls_verify.c,v 1.25 2023/05/28 09:06:34 beck Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> * @@ -243,9 +243,9 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name, data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject_name, lastpos)); /* - * Fail if we cannot encode as UTF-8, or if the UTF-8 encoding of the - * string contains a 0 byte. We treat any certificate with such data - * in the CN as hostile and fail. + * Fail if we cannot encode as UTF-8, if the CN is of invalid length, or + * if the UTF-8 encoding of the string contains a 0 byte. We treat any + * certificate with such data in the CN as hostile and fail. */ if ((common_name_len = ASN1_STRING_to_UTF8(&utf8_bytes, data)) < 0) { tls_set_errorx(ctx, "error verifying name '%s': " |