Hi,

On 04-05-17 01:10, Hristo Venev wrote:
> Only fields known to OpenSSL have a NID. OBJ_txt2obj allows specifying
> fields by numeric OID.
> 
> Signed-off-by: Hristo Venev <hri...@venev.name>
> ---
>  src/openvpn/ssl_verify_openssl.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/src/openvpn/ssl_verify_openssl.c 
> b/src/openvpn/ssl_verify_openssl.c
> index 87f71f21..b6867c65 100644
> --- a/src/openvpn/ssl_verify_openssl.c
> +++ b/src/openvpn/ssl_verify_openssl.c
> @@ -191,16 +191,24 @@ extract_x509_field_ssl(X509_NAME *x509, const char 
> *field_name, char *out,
>      X509_NAME_ENTRY *x509ne = 0;
>      ASN1_STRING *asn1 = 0;
>      unsigned char *buf = NULL;
> -    int nid = OBJ_txt2nid(field_name);
> +    ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0);
> +
> +    if (field_name_obj == NULL)
> +    {
> +        msg(D_TLS_ERRORS, "Invalid X509 attribute name '%s'", field_name);
> +        return FAILURE;
> +    }
>  
>      ASSERT(size > 0);
>      *out = '\0';
>      do
>      {
>          lastpos = tmp;
> -        tmp = X509_NAME_get_index_by_NID(x509, nid, lastpos);
> +        tmp = X509_NAME_get_index_by_OBJ(x509, field_name_obj, lastpos);
>      } while (tmp > -1);
>  
> +    ASN1_OBJECT_free(field_name_obj);
> +
>      /* Nothing found */
>      if (lastpos == -1)
>      {
> 
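Review bot: The new early `return FAILURE` for a NULL `field_name_obj` sits above `ASSERT(size > 0);` and `*out = '\0';`, so when the attribute name is invalid the function returns without ever terminating `out`. Moving the NULL check below `*out = '\0';` would give callers an empty string on this failure path too, matching the "Nothing found" path that follows the loop. The placement of `ASN1_OBJECT_free(field_name_obj)` directly after the loop looks right, since the object is not used past that point in the visible lines.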

Thanks for following up.  ACK.

-Steffan
