Skip to content

Commit

Permalink
crypto: fix to check ext method for shared lib
Browse files Browse the repository at this point in the history
In the case of using openssl with shared library,
reinterpret_cast<X509V3_EXT_I2V>(i2v_GENERAL_NAMES)) refers plt
pointer so that SafeX509ExtPrint returns false.
Fix it to check it with method of NID_subject_alt_name

This patch originally was created by Fedor Indutny
and Ben Noordhuis

Fixes: #617
PR-URL: #800

Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
  • Loading branch information
Shigeki Ohtsu committed Feb 11, 2015
1 parent 15d156e commit e63b517
Showing 1 changed file with 1 addition and 7 deletions.
8 changes: 1 addition & 7 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1099,15 +1099,9 @@ void SSLWrap<Base>::OnClientHello(void* arg,


static bool SafeX509ExtPrint(BIO* out, X509_EXTENSION* ext) {
// Only alt_name is escaped at the moment
if (OBJ_obj2nid(ext->object) != NID_subject_alt_name)
return false;

const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext);
if (method == NULL || method->it == NULL)
return false;

if (method->i2v != reinterpret_cast<X509V3_EXT_I2V>(i2v_GENERAL_NAMES))
if (method != X509V3_EXT_get_nid(NID_subject_alt_name))
return false;

const unsigned char* p = ext->value->data;
Expand Down

0 comments on commit e63b517

Please sign in to comment.