Browse Source

crypto: fix to check ext method for shared lib

In the case of using openssl with shared library,
reinterpret_cast<X509V3_EXT_I2V>(i2v_GENERAL_NAMES)) refers plt
pointer so that SafeX509ExtPrint returns false.
Fix it to check it with method of NID_subject_alt_name

This patch originally was created by Fedor Indutny
and Ben Noordhuis

Fixes: https://github.com/iojs/io.js/issues/617
PR-URL: https://github.com/iojs/io.js/pull/800

Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
v1.8.0-commit
Shigeki Ohtsu 10 years ago
parent
commit
e63b51793b
  1. 8
      src/node_crypto.cc

8
src/node_crypto.cc

@ -1099,15 +1099,9 @@ void SSLWrap<Base>::OnClientHello(void* arg,
static bool SafeX509ExtPrint(BIO* out, X509_EXTENSION* ext) { static bool SafeX509ExtPrint(BIO* out, X509_EXTENSION* ext) {
// Only alt_name is escaped at the moment
if (OBJ_obj2nid(ext->object) != NID_subject_alt_name)
return false;
const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext); const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext);
if (method == NULL || method->it == NULL)
return false;
if (method->i2v != reinterpret_cast<X509V3_EXT_I2V>(i2v_GENERAL_NAMES)) if (method != X509V3_EXT_get_nid(NID_subject_alt_name))
return false; return false;
const unsigned char* p = ext->value->data; const unsigned char* p = ext->value->data;

Loading…
Cancel
Save