diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2024-11-12 22:50:07 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2024-11-12 22:50:07 +0000 |
commit | 2a8dd47062ba54a160f8f3b87f306ab0138e1b45 (patch) | |
tree | 3a5dd835bb927c4e8a0ea662ea6a968330c607c5 /sbin/scan_ffs | |
parent | c7762499cbdf2208441f0bbdba2119d0e228cc1c (diff) |
The subject of a certificate is not optional
A certificate must have a subject, so X509_get_subject_name() cannot
return NULL on a correctly parsed certificate, even if the subject is
empty (which is allowed). So if X509_get_subject_name() returns NULL,
error instead of silently ignoring it in tls_check_common_name().
This is currently no issue. Where it matters, the match against the
common name will fail later, so we fail closed anyway.
ok jsing
Diffstat (limited to 'sbin/scan_ffs')
0 files changed, 0 insertions, 0 deletions