-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11354/#review20953
-----------------------------------------------------------

Ship it!

Ship It!

- Gordon Sim


On May 23, 2013, 9:24 p.m., Kenneth Giusti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11354/
> -----------------------------------------------------------
>
> (Updated May 23, 2013, 9:24 p.m.)
>
>
> Review request for qpid and Gordon Sim.
>
>
> Description
> -------
>
> When a client provides an identifying certificate that does not contain a
> CommonName entry in the subject, the CERT_GetCommonName() method returns a
> NULL pointer.
>
> This fix checks for that null pointer, and returns an empty ("") client auth
> id in that case. From a security/functionality point of view, I think
> setting the auth-id to an empty string when CN is not present can be
> considered valid.
>
>
> This addresses bug qpid-4883.
>     https://issues.apache.org/jira/browse/qpid-4883
>
>
> Diffs
> -----
>
>   /trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp 1485741
>
> Diff: https://reviews.apache.org/r/11354/diff/
>
>
> Testing
> -------
>
> crash reproducer + unit tests.
>
>
> Thanks,
>
> Kenneth Giusti
>
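
The null-pointer guard described in the review request above, as an added C++ example; it is not the code from the qpid patch. `stub_get_common_name` and `client_auth_id` are hypothetical names, and the stub only models the described behaviour of returning NULL when the subject has no CN; it does not call NSS.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

// Hypothetical stand-in for a C API that, like the CERT_GetCommonName()
// behaviour described above, returns a heap-allocated string, or NULL when
// the subject has no CN attribute. Simplified parsing (assumption):
// attributes are separated by ',' with no escaping or multi-valued RDNs.
char* stub_get_common_name(const char* subject) {
    const char* p = subject;
    while (p && *p) {
        while (*p == ' ') ++p;                      // skip spaces after ','
        const char* end = std::strchr(p, ',');
        size_t len = end ? static_cast<size_t>(end - p) : std::strlen(p);
        if (len >= 3 && std::strncmp(p, "CN=", 3) == 0) {
            char* out = static_cast<char*>(std::malloc(len - 3 + 1));
            if (!out) return nullptr;
            std::memcpy(out, p + 3, len - 3);
            out[len - 3] = '\0';
            return out;
        }
        p = end ? end + 1 : nullptr;                // next attribute, if any
    }
    return nullptr;                                 // no CN present
}

// Guarded conversion: constructing std::string from a null char* is
// undefined behaviour, so the NULL case maps to an empty auth id.
std::string client_auth_id(const char* subject) {
    char* cn = stub_get_common_name(subject);
    if (cn == nullptr) return std::string();
    std::string id(cn);
    std::free(cn);                                  // caller owns the buffer
    return id;
}

int main() {
    // Constructed sample subjects, not taken from a real certificate.
    const char* samples[] = {"CN=client1,O=Example", "O=Example,OU=NoName"};
    for (const char* s : samples)
        std::printf("%s -> \"%s\"\n", s, client_auth_id(s).c_str());
    return 0;
}
```

How an empty auth id is treated by authorization code that consumes it is a separate policy decision that this sketch does not model.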