From 34c623132dbf83f05cbb7ba8fc1961b92b75e995 Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Sun, 7 Dec 2014 15:00:33 +0000
Subject: Allow specific libtls hostname validation errors to propagate.

Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname().

The semantics of tls_error() are changed slightly: the last error message is not necessarily preserved between subsequent calls into the library. When the previous call to libtls succeeds, client programs should treat the return value of tls_error() as undefined.

ok tedu@
---
 lib/libtls/tls_verify.c | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

(limited to 'lib/libtls/tls_verify.c')

diff --git a/lib/libtls/tls_verify.c b/lib/libtls/tls_verify.c
index fa0010922fc..0252e205752 100644
--- a/lib/libtls/tls_verify.c
+++ b/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.1 2014/10/31 13:46:17 jsing Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.2 2014/12/07 15:00:32 bcook Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas
 *
@@ -27,8 +27,8 @@
 #include "tls_internal.h"
 
 int tls_match_hostname(const char *cert_hostname, const char *hostname);
-int tls_check_subject_altname(X509 *cert, const char *host);
-int tls_check_common_name(X509 *cert, const char *host);
+int tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *host);
+int tls_check_common_name(struct tls *ctx, X509 *cert, const char *host);
 
 int
 tls_match_hostname(const char *cert_hostname, const char *hostname)
@@ -80,7 +80,7 @@ tls_match_hostname(const char *cert_hostname, const char *hostname)
 }
 
 int
-tls_check_subject_altname(X509 *cert, const char *host)
+tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *host)
 {
 STACK_OF(GENERAL_NAME) *altname_stack = NULL;
 union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;
@@ -123,10 +123,11 @@ tls_check_subject_altname(X509 *cert, const char *host)
 
 if (ASN1_STRING_length(altname->d.dNSName) !=
 (int)strlen(data)) {
-fprintf(stdout, "%s: NUL byte in "
-"subjectAltName, probably a "
-"malicious certificate.\n",
-getprogname());
+tls_set_error(ctx,
+"error verifying host '%s': "
+"NUL byte in subjectAltName, "
+"probably a malicious certificate",
+host);
 rv = -2;
 break;
 }
@@ -135,10 +136,7 @@ tls_check_subject_altname(X509 *cert, const char *host)
 rv = 0;
 break;
 }
-} else
-fprintf(stdout, "%s: unhandled subjectAltName "
-"dNSName encoding (%d)\n", getprogname(),
-format);
+}
 
 } else if (type == GEN_IPADD) {
 unsigned char *data;
@@ -160,7 +158,7 @@ tls_check_subject_altname(X509 *cert, const char *host)
 }
 
 int
-tls_check_common_name(X509 *cert, const char *host)
+tls_check_common_name(struct tls *ctx, X509 *cert, const char *host)
 {
 X509_NAME *name;
 char *common_name = NULL;
@@ -186,8 +184,9 @@ tls_check_common_name(X509 *cert, const char *host)
 
 /* NUL bytes in CN? */
 if (common_name_len != (int)strlen(common_name)) {
-fprintf(stdout, "%s: NUL byte in Common Name field, "
-"probably a malicious certificate.\n", getprogname());
+tls_set_error(ctx, "error verifying host '%s': "
+"NUL byte in Common Name field, "
+"probably a malicious certificate.", host);
 rv = -2;
 goto out;
 }
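Review bot: The two new tls_set_error() messages are inconsistent: the subjectAltName one in the @@ -123 hunk has no trailing period while the Common Name one in the @@ -186 hunk ends with ".", so callers that log tls_error() will see differently punctuated text for the same class of failure; dropping the period in the CN message, `"probably a malicious certificate.", host);` → `"probably a malicious certificate", host);`, lines them up. The length comparison that triggers these messages is the actual security check and deserves a why-comment now that the explanatory printf is gone, e.g. above the `if (ASN1_STRING_length(altname->d.dNSName) !=` line: `/* An embedded NUL makes the C string shorter than the ASN.1 length; such a name must never be matched. */`. tls_check_subject_altname begins and ends outside both hunks.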
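Review bot: In the @@ -135 hunk the removed fprintf() for a non-IA5String dNSName is replaced by a bare `}`, so an entry in an unexpected encoding is now skipped with no trace on ctx and nothing in the code says this is deliberate; a reader may later mistake it for a missing error path. If silently skipping is the intent (the entry is simply not matched rather than treated as a bad certificate), say so at the closing brace: `} /* other dNSName encodings are deliberately ignored */`. The enclosing loop and tls_check_subject_altname itself start and end outside the hunk, so I cannot tell whether `format` is still read elsewhere after this change; worth checking that it does not become a set-but-unused local.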
@@ -213,13 +212,13 @@ out:
 }
 
 int
-tls_check_hostname(X509 *cert, const char *host)
+tls_check_hostname(struct tls *ctx, X509 *cert, const char *host)
 {
 int rv;
 
-rv = tls_check_subject_altname(cert, host);
+rv = tls_check_subject_altname(ctx, cert, host);
 if (rv == 0 || rv == -2)
 return rv;
 
-return tls_check_common_name(cert, host);
+return tls_check_common_name(ctx, cert, host);
 }
-- 
cgit v1.2.3
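Review bot: tls_check_hostname now carries a ctx whose error string is only meaningful for some return values, and nothing documents which ones, so a caller cannot know when tls_error() is safe to report. A short comment above the `int` line would fix that, describing the contract the visible code establishes: 0 means a subjectAltName or Common Name matched host, -2 means the certificate must be rejected and an error message has been set on ctx, and any other value is whatever tls_check_common_name returned for a plain mismatch. Whether the common-name path sets an error on ctx for a mismatch is not visible here, so that part should be stated as a caller obligation to check rather than a guarantee.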