Changeset b1c2b01 in mod_gnutls for src/gnutls_hooks.c


Ignore:
Timestamp:
Jan 29, 2013, 11:00:15 PM (7 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream
Children:
6f76e16
Parents:
834d926
Message:

avoid a segfault if no X.509 certificates are present during vhost_cb

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    r834d926 rb1c2b01  
    554554    mgs_srvconf_rec *tsc;
    555555    vhost_cb_rec *x = baton;
     556    int ret;
    556557   
    557558    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
     
    563564    }
    564565   
    565         int ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_chain[0], s->server_hostname);
    566     if (0 == ret)
     566    if (tsc->certs_x509_chain_num > 0) {
     567        /* why are we doing this check? */
     568        ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_chain[0], s->server_hostname);
     569        if (0 == ret)
     570            ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
     571                         "GnuTLS: Error checking certificate for hostname "
     572                         "'%s'", s->server_hostname);
     573    } else {
    567574        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
    568                      "GnuTLS: Error checking certificate for hostname "
    569                      "'%s'", s->server_hostname);
     575                     "GnuTLS: SNI request for '%s' but no X.509 certs available at all",
     576                     s->server_hostname);
     577    }
    570578        return check_server_aliases(x, s, tsc);
    571579}
Note: See TracChangeset for help on using the changeset viewer.