Fix hostname validation in the command-line tool to honour negative return values.
author Emilia Kasper <emilia@openssl.org>
Thu, 5 Feb 2015 15:38:54 +0000 (16:38 +0100)
committer Emilia Kasper <emilia@openssl.org>
Tue, 10 Feb 2015 14:35:20 +0000 (15:35 +0100)
commit 0923e7df9eafec6db9c75405d7085ec8581f01bd
tree 11b45d8564c5886867afd633ea04d3e6b56737aa
parent efb4597345a0ae31ac81f9dfb783f3eef420122b
Fix hostname validation in the command-line tool to honour negative return values.

Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
apps/apps.c
crypto/x509v3/v3_utl.c
doc/crypto/X509_check_host.pod
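
The failure mode the commit message describes, as an added example that is not code from this commit or from OpenSSL: a caller that tests a tri-state result (1 match, 0 no match, negative error) for truthiness accepts the error case, while a caller that compares against 1 fails closed. The struct, `check_host_stub` and both `host_ok_*` functions are hypothetical names, and the samples are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for a certificate subject: the CN text plus a flag
 * saying whether its ASN.1 string type converts to UTF-8 in this model. */
struct subject { const char *cn; int utf8_ok; };

/* Hypothetical matcher following the tri-state contract the commit message
 * describes: 1 = match, 0 = no match, negative = error. */
static int check_host_stub(const struct subject *s, const char *host)
{
    if (!s->utf8_ok)
        return -1;                       /* conversion failed: no verdict */
    return strcasecmp(s->cn, host) == 0; /* 1 on match, 0 otherwise */
}

/* Flawed caller: any non-zero value, including -1, counts as a match. */
static int host_ok_truthy(const struct subject *s, const char *host)
{
    return check_host_stub(s, host) ? 1 : 0;
}

/* Corrected caller: only an explicit 1 is a match; errors fail closed. */
static int host_ok_strict(const struct subject *s, const char *host)
{
    return check_host_stub(s, host) == 1;
}

int main(void)
{
    /* Constructed samples, not real certificates. */
    const struct subject samples[] = {
        { "www.example.com", 1 },   /* convertible, matches */
        { "other.example.com", 1 }, /* convertible, differs */
        { "12345", 0 },             /* models a CN whose conversion fails */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s rv=%2d truthy=%d strict=%d\n", samples[i].cn,
               check_host_stub(&samples[i], "www.example.com"),
               host_ok_truthy(&samples[i], "www.example.com"),
               host_ok_strict(&samples[i], "www.example.com"));
    return 0;
}
```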