Message194959
OpenSSL's print() functions fail to handle the NULL byte in subjectAltName (SAN) general names as they use strlen() or printf() functions with "%s" format char. The subject and issuer elements with NULL bytes are handled correctly by OpenSSL.
wget and curl combine CN / SAN parsing and hostname matching in one function. Both report an error when they see a NULL byte in a dNSName (strlen(dNSName) != length of ASN1_STRING).
Python has separate functions for retrieving the X.509 information and matching a hostname against CN / SAN. I like to keep it that way and just fix our parsing code in this bug. Later ssl.match_hostname() can check for NULL bytes and raise an exception, but that's a different issue.
Date | User | Action | Args
2013-08-12 13:14:14 | christian.heimes | set | recipients: + christian.heimes, barry, vstinner
2013-08-12 13:14:14 | christian.heimes | set | messageid: <1376313254.64.0.104436386224.issue18709@psf.upfronthosting.co.za>
2013-08-12 13:14:14 | christian.heimes | link | issue18709 messages
2013-08-12 13:14:14 | christian.heimes | create |
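The difference between a strlen()/"%s" view and a length-aware view of a dNSName, as an added example that is not part of the original message and is not code from OpenSSL, wget, curl or CPython. `struct counted_str` is a hypothetical stand-in for OpenSSL's ASN1_STRING, the function names are made up for illustration, and the sample name is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for OpenSSL's ASN1_STRING: bytes plus explicit length. */
struct counted_str { const unsigned char *data; size_t length; };

/* Constructed sample dNSName with an embedded NUL (27 bytes in total). */
static const unsigned char SAMPLE_BYTES[] = "good.example\0.other.example";
static const struct counted_str SAMPLE_SAN = { SAMPLE_BYTES, sizeof SAMPLE_BYTES - 1 };

/* Same outcome as comparing strlen() with the ASN.1 length, but never
 * reads past the counted buffer. */
int has_embedded_nul(const struct counted_str *s)
{
    return memchr(s->data, '\0', s->length) != NULL;
}

/* What a "%s"-based printer shows: bytes up to the first NUL only.
 * Assumes the buffer is NUL-terminated, as the sample literal is. */
size_t render_cstring(const struct counted_str *s, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "%s", (const char *)s->data);
    return n < 0 ? 0 : (size_t)n;
}

/* Length-aware rendering: every byte is visited, and non-printable bytes
 * (and backslash) are escaped as \xNN so nothing is silently dropped. */
size_t render_counted(const struct counted_str *s, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return 0;
    for (size_t i = 0; i < s->length; i++) {
        unsigned char c = s->data[i];
        int printable = c >= 0x20 && c < 0x7f && c != '\\';
        if (o + (printable ? 1 : 4) >= outsz) break;   /* keep room for NUL */
        if (printable) out[o++] = (char)c;
        else o += (size_t)snprintf(out + o, outsz - o, "\\x%02x", c);
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    char buf[64];
    render_counted(&SAMPLE_SAN, buf, sizeof buf);
    printf("embedded NUL: %d, counted view: %s\n", has_embedded_nul(&SAMPLE_SAN), buf);
    return 0;
}
```

The "%s" view of the sample stops after the first 12 bytes, while the counted view keeps all 27 and makes the NUL visible as `\x00`.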