(ITS#5361) cert verification failures with GnuTLS and DNS subjectAltName

Howard Chu hyc at symas.com
Sat Feb 16 21:25:34 CET 2008

Nikos Mavrogiannopoulos wrote:
> On Friday 15 February 2008, Howard Chu wrote:
>>> Anyway, does the attached
>>> patch solve your problem?
>> Not really. It still returns a size one byte larger than expected for the
>> strings. Even in languages where NUL-terminated strings are the norm, the
>> terminating byte is not included in the length.
>> The point is, we expect this API to return exactly the data that was in the
>> certificate. If the caller wants to treat the data as a string, they can
>> NUL-terminate it themselves. The manpage only says that the data will be
>> returned, it does not say that it will be altered in any way.
> Actually you are right. The return value shouldn't be increased (this also
> happens in the other similar functions). I've corrected the patch and
> committed at:
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=4cc3c6b6ed00660e55559bab148021fc077da21f

Thanks. That looks ok to me.

   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/
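
The length issue discussed in this message, shown as an added example that is not part of the original e-mail and is not GnuTLS or OpenLDAP code: a caller that compares the subjectAltName as length-delimited data rejects a correct hostname when the reported size counts the terminating byte. The accessor `get_san`, its `count_nul` switch, the helper names and the sample hostname are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: dNSName value; the certificate stores SAN_LEN bytes, no NUL. */
static const char SAN_DATA[] = "ldap.example.com";
#define SAN_LEN (sizeof SAN_DATA - 1)

/* Hypothetical accessor (not the GnuTLS API). count_nul=1 models the behaviour
 * objected to above: the reported size includes the terminating byte. */
static int get_san(char *buf, size_t *len, int count_nul)
{
    if (*len < SAN_LEN + 1) { *len = SAN_LEN + 1; return -1; }
    memcpy(buf, SAN_DATA, SAN_LEN);
    buf[SAN_LEN] = '\0';               /* terminator written, but not cert data */
    *len = SAN_LEN + (count_nul ? 1 : 0);
    return 0;
}

/* Caller-side check on length-delimited data: lengths must agree exactly,
 * then the bytes are compared case-insensitively. */
static int dns_name_matches(const char *san, size_t san_len, const char *host)
{
    size_t i, host_len = strlen(host);
    if (san_len != host_len) return 0;
    for (i = 0; i < san_len; i++)
        if (tolower((unsigned char)san[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Fetch the name and verify it against the host the client connected to. */
int check_host(const char *host, int count_nul)
{
    char buf[256];
    size_t len = sizeof buf;
    if (get_san(buf, &len, count_nul) != 0) return 0;
    return dns_name_matches(buf, len, host);
}

int main(void)
{
    printf("size counts NUL: %d\n", check_host("ldap.example.com", 1));
    printf("exact size:      %d\n", check_host("ldap.example.com", 0));
    return 0;
}
```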
