[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
lynx-dev SIGSEGV with SSL site which has no CN
|
From: |
patakuti |
|
Subject: |
lynx-dev SIGSEGV with SSL site which has no CN |
|
Date: |
Sun, 26 Jan 2003 17:09:35 +0900 (JST) |
Lynx exits with SIGSEGV when connecting to SSL site which has no CN
(common name?) in certificat.
ex: https://web-shokai.tokyo-denwa.net/
I wrote a patch and attached it to this mail, though I don't know
wheter CN can be omitted or not.
I tested 2.8.5dev.9 and dev.13.
--
Takeshi Hataguchi
E-mail: address@hidden
diff -ru orig/lynx2-8-5/WWW/Library/Implementation/HTTP.c
lynx2-8-5/WWW/Library/Implementation/HTTP.c
--- orig/lynx2-8-5/WWW/Library/Implementation/HTTP.c Sat Jan 25 18:06:26 2003
+++ lynx2-8-5/WWW/Library/Implementation/HTTP.c Sun Jan 26 17:08:22 2003
@@ -613,19 +613,30 @@
X509_NAME_oneline(X509_get_subject_name(SSL_get_peer_certificate(handle)),
ssl_dn, sizeof(ssl_dn));
- cert_host = strstr(ssl_dn, "/CN=") + 4;
- if ((p = strchr(cert_host, '/')) != NULL)
- *p = '\0';
- ssl_host = HTParse(url, "", PARSE_HOST);
- if (strcmp(ssl_host, cert_host)) {
+ if ((cert_host = strstr(ssl_dn, "/CN=")) == NULL) {
HTSprintf0(&msg,
- gettext("SSL error:host(%s)!=cert(%s)-Continue?"),
- ssl_host,
- cert_host);
+ gettext("SSL error:Can't find common name in
certificate-Continue?"));
if (! HTConfirmDefault(msg, TRUE)) {
status = HT_NOT_LOADED;
FREE(msg);
goto done;
+ }
+ }
+ else {
+ cert_host += 4;
+ if ((p = strchr(cert_host, '/')) != NULL)
+ *p = '\0';
+ ssl_host = HTParse(url, "", PARSE_HOST);
+ if (strcmp(ssl_host, cert_host)) {
+ HTSprintf0(&msg,
+ gettext("SSL error:host(%s)!=cert(%s)-Continue?"),
+ ssl_host,
+ cert_host);
+ if (! HTConfirmDefault(msg, TRUE)) {
+ status = HT_NOT_LOADED;
+ FREE(msg);
+ goto done;
+ }
}
}
; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
- lynx-dev SIGSEGV with SSL site which has no CN,
patakuti <=