Changes between Initial Version and Version 1 of Ticket #65297, comment 1


Ignore:
Timestamp:
Jun 4, 2022, 11:16:59 PM (2 years ago)
Author:
steven-michaud (Steven Michaud)
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #65297, comment 1

    initial v1  
    11Here's pseudo-code to show how `ssl_validate_cert()` currently works (on Openssl 1.1.0 or greater):
    22
     3{{{
    34for (each field in `cert`'s "subject name") {
    45  var ret = NIL
     
    1819  }
    1920}
     21}}}
    2022
    2123This is badly messed up. If `cert` doesn't have any `subject_alt_name` extensions, `ssl_validate_cert()` fails at the first "subject name" field that doesn't match `host`. Even if it does have these extensions, and one matches, `ssl_validate_cert()` unnecessarily continues iterating through the "subject name" fields.