aboutsummaryrefslogtreecommitdiff
path: root/lib/nonblock.h
diff options
context:
space:
mode:
authorDan McNulty <dmcnulty@pingidentity.com>2016-09-09 16:56:02 -0500
committerDaniel Stenberg <daniel@haxx.se>2016-12-19 07:53:20 +0100
commit0354eed41085baa5ba8777019ebf5e9ef32c001d (patch)
treeae58964e7809171b0323c7481038049225347008 /lib/nonblock.h
parent3ab3c16db6a5674f53cf23d56512a405fde0b2c9 (diff)
schannel: fix wildcard cert name validation on Win CE
Fixes a few issues in manual wildcard cert name validation in schannel support code for Win32 CE: - when comparing the wildcard name to the hostname, the wildcard character was removed from the cert name and the hostname was checked to see if it ended with the modified cert name. This allowed cert names like *.com to match the connection hostname. This violates recommendations from RFC 6125. - when the wildcard name in the certificate is longer than the connection hostname, a buffer overread of the connection hostname buffer would occur during the comparison of the certificate name and the connection hostname.
Diffstat (limited to 'lib/nonblock.h')
0 files changed, 0 insertions, 0 deletions