oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(hx509_verify_path): verify proxy certificate have no san or ian

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17252 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-04-26 12:36:49 +00:00
parent 253352539c
commit 1b98d3a6ff
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/hx509/cert.c
View File

@@ -1291,6 +1291,7 @@ hx509_verify_path(hx509_context context,
ProxyCertInfo info; ProxyCertInfo info;
if (proxy_cert_p(c, &info)) { if (proxy_cert_p(c, &info)) {
int j;
if (info.pCPathLenConstraint != NULL && if (info.pCPathLenConstraint != NULL &&
*info.pCPathLenConstraint > i) *info.pCPathLenConstraint > i)
@@ -1299,6 +1300,24 @@ hx509_verify_path(hx509_context context,
ret = HX509_PATH_TOO_LONG; ret = HX509_PATH_TOO_LONG;
goto out; goto out;
} }
j = 0;
if (find_extension(c, oid_id_x509_ce_subjectAltName(), &j)) {
free_ProxyCertInfo(&info);
ret = HX509_PROXY_CERT_INVALID;
goto out;
}
j = 0;
if (find_extension(c, oid_id_x509_ce_issuerAltName(), &j)) {
free_ProxyCertInfo(&info);
ret = HX509_PROXY_CERT_INVALID;
goto out;
}
/* XXX verify issuer name */
free_ProxyCertInfo(&info); free_ProxyCertInfo(&info);
break; break;
} }