You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2019/02/11 21:18:19 UTC
[trafficserver] branch 8.0.x updated: Allows the use of certs with
no commonName, but with subjectAltNames
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.0.x by this push:
new 00f66f5 Allows the use of certs with no commonName, but with subjectAltNames
00f66f5 is described below
commit 00f66f5186d6993b1f190cbdf6a23c88a232064f
Author: Randall Meyer <ra...@yahoo.com>
AuthorDate: Wed Nov 7 14:26:32 2018 -0800
Allows the use of certs with no commonName, but with subjectAltNames
(cherry picked from commit 458fdb634211801a59de27d284c729c2f84a6e50)
---
iocore/net/SSLUtils.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 67aea04..6b9d8c0 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1486,7 +1486,7 @@ ssl_index_certificate(SSLCertLookup *lookup, SSLCertContext const &cc, X509 *cer
if (name->type == GEN_DNS) {
ats_scoped_str dns(asn1_strdup(name->d.dNSName));
// only try to insert if the alternate name is not the main name
- if (strcmp(dns, subj_name) != 0) {
+ if (subj_name == nullptr || strcmp(dns, subj_name) != 0) {
Debug("ssl", "mapping '%s' to certificates %s", (const char *)dns, certname);
if (lookup->insert(dns, cc) >= 0) {
inserted = true;