mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-26 11:53:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

Submitted by: Florian Weimer <fweimer@redhat.com>

Browse Source 
PR: 2909

Update test cases to cover internal error return values.

Remove IDNA wildcard filter.
This commit is contained in:
Dr. Stephen Henson 2012-11-21 14:10:48 +00:00
parent 5c1393bfc3
commit 472af806ce
2 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/x509v3/v3_utl.c
View File

@ -719,12 +719,7 @@ static const unsigned char *wildcard_find_star(const unsigned char *pattern,
static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
const unsigned char *subject, size_t subject_len)
{
const unsigned char *star;
/* Do not match IDNA names. */
if (subject_len >=4 && memcmp(subject, "xn--", 4) == 0)
star = NULL;
else
star = wildcard_find_star(pattern, pattern_len);
const unsigned char *star = wildcard_find_star(pattern, pattern_len);
if (star == NULL)
return equal_nocase(pattern, pattern_len,
subject, subject_len);

28
crypto/x509v3/v3nametest.c
View File

@ -24,6 +24,7 @@ static const char *const exceptions[] =
"set CN: host: [*.example.com] matches [a.example.com]",
"set CN: host: [*.example.com] matches [b.example.com]",
"set CN: host: [*.example.com] matches [www.example.com]",
"set CN: host: [*.example.com] matches [xn--rger-koa.example.com]",
"set CN: host: [test.*.example.com] does not match [test.*.example.com]",
"set CN: host: [test.*.example.com] matches [test.www.example.com]",
"set CN: host: [*.www.example.com] does not match [*.www.example.com]",
@ -36,6 +37,7 @@ static const char *const exceptions[] =
"set dnsName: host: [*.example.com] does not match [*.example.com]",
"set dnsName: host: [*.example.com] matches [a.example.com]",
"set dnsName: host: [*.example.com] matches [b.example.com]",
"set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]",
"set dnsName: host: [*.www.example.com] matches [test.www.example.com]",
"set dnsName: host: [*.www.example.com] does not match [*.www.example.com]",
"set dnsName: host: [test.*.example.com] matches [test.www.example.com]",
@ -273,28 +275,38 @@ static void run_cert(X509 *crt, const char *nameincert,
ret = X509_check_host(crt, (const unsigned char *)name,
namelen, 0);
match = -1;
if (fn->host)
if (ret < 0)
{
if (ret && !samename)
fprintf(stderr, "internal error in X509_check_host");
++errors;
}
else if (fn->host)
{
if (ret == 1 && !samename)
match = 1;
if (!ret && samename)
if (ret == 0 && samename)
match = 0;
}
else if (ret)
else if (ret == 1)
match = 1;
check_message(fn, "host", nameincert, match, *pname);
ret = X509_check_host(crt, (const unsigned char *)name,
namelen, X509_CHECK_FLAG_NO_WILDCARDS);
match = -1;
if (fn->host)
if (ret < 0)
{
if (ret && !samename)
fprintf(stderr, "internal error in X509_check_host");
++errors;
}
else if (fn->host)
{
if (ret == 1 && !samename)
match = 1;
if (!ret && samename)
if (ret == 0 && samename)
match = 0;
}
else if (ret)
else if (ret == 1)
match = 1;
check_message(fn, "host-no-wildcards",
nameincert, match, *pname);