summaryrefslogtreecommitdiff
path: root/sbin/ncheck_ffs
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2024-11-12 22:50:07 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-11-12 22:50:07 +0000
commit2a8dd47062ba54a160f8f3b87f306ab0138e1b45 (patch)
tree3a5dd835bb927c4e8a0ea662ea6a968330c607c5 /sbin/ncheck_ffs
parentc7762499cbdf2208441f0bbdba2119d0e228cc1c (diff)
The subject of a certificate is not optional
A certificate must have a subject, so X509_get_subject_name() cannot return NULL on a correctly parsed certificate, even if the subject is empty (which is allowed). So if X509_get_subject_name() returns NULL, error instead of silently ignoring it in tls_check_common_name(). This is currently no issue. Where it matters, the match against the common name will fail later, so we fail closed anyway. ok jsing
Diffstat (limited to 'sbin/ncheck_ffs')
0 files changed, 0 insertions, 0 deletions