From e63b51793bb36a28415e137cd2b1086b8bd31ffa Mon Sep 17 00:00:00 2001
From: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Date: Wed, 11 Feb 2015 23:35:47 +0900
Subject: [PATCH] crypto: fix to check ext method for shared lib

In the case of using openssl with shared library,
reinterpret_cast<X509V3_EXT_I2V>(i2v_GENERAL_NAMES)) refers plt
pointer so that SafeX509ExtPrint returns false.
Fix it to check it with method of NID_subject_alt_name

This patch originally was created by Fedor Indutny
and Ben Noordhuis

Fixes: https://github.com/iojs/io.js/issues/617
PR-URL: https://github.com/iojs/io.js/pull/800

Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
---
 src/node_crypto.cc | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 5432eaeccc..230231080b 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1099,15 +1099,9 @@ void SSLWrap<Base>::OnClientHello(void* arg,
 
 
 static bool SafeX509ExtPrint(BIO* out, X509_EXTENSION* ext) {
-  // Only alt_name is escaped at the moment
-  if (OBJ_obj2nid(ext->object) != NID_subject_alt_name)
-    return false;
-
   const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext);
-  if (method == NULL || method->it == NULL)
-    return false;
 
-  if (method->i2v != reinterpret_cast<X509V3_EXT_I2V>(i2v_GENERAL_NAMES))
+  if (method != X509V3_EXT_get_nid(NID_subject_alt_name))
     return false;
 
   const unsigned char* p = ext->value->data;