58 lines
1.8 KiB
Diff
58 lines
1.8 KiB
Diff
diff -up openssl-1.0.2k/ssl/ssl_cert.c.name-sensitive openssl-1.0.2k/ssl/ssl_cert.c
|
|
--- openssl-1.0.2k/ssl/ssl_cert.c.name-sensitive 2017-01-26 14:22:04.000000000 +0100
|
|
+++ openssl-1.0.2k/ssl/ssl_cert.c 2018-06-18 13:43:12.452502627 +0200
|
|
@@ -855,9 +855,33 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,
|
|
return (add_client_CA(&(ctx->client_CA), x));
|
|
}
|
|
|
|
-static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
|
|
+static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
|
|
{
|
|
- return (X509_NAME_cmp(*a, *b));
|
|
+ unsigned char *abuf = NULL, *bbuf = NULL;
|
|
+ int alen, blen, ret;
|
|
+
|
|
+ /* X509_NAME_cmp() itself casts away constness in this way, so
|
|
+ * assume it's safe:
|
|
+ */
|
|
+ alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
|
|
+ blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
|
|
+
|
|
+ if (alen < 0 || blen < 0)
|
|
+ ret = -2;
|
|
+ else if (alen != blen)
|
|
+ ret = alen - blen;
|
|
+ else /* alen == blen */
|
|
+ ret = memcmp(abuf, bbuf, alen);
|
|
+
|
|
+ OPENSSL_free(abuf);
|
|
+ OPENSSL_free(bbuf);
|
|
+
|
|
+ return ret;
|
|
+}
|
|
+
|
|
+static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
|
|
+{
|
|
+ return xname_cmp(*a, *b);
|
|
}
|
|
|
|
#ifndef OPENSSL_NO_STDIO
|
|
@@ -876,7 +900,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_
|
|
X509_NAME *xn = NULL;
|
|
STACK_OF(X509_NAME) *ret = NULL, *sk;
|
|
|
|
- sk = sk_X509_NAME_new(xname_cmp);
|
|
+ sk = sk_X509_NAME_new(xname_sk_cmp);
|
|
|
|
in = BIO_new(BIO_s_file_internal());
|
|
|
|
@@ -948,7 +972,7 @@ int SSL_add_file_cert_subjects_to_stack(
|
|
int ret = 1;
|
|
int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
|
|
|
|
- oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
|
|
+ oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
|
|
|
|
in = BIO_new(BIO_s_file_internal());
|
|
|