Changes between Initial Version and Version 1 of Ticket #65297, comment 1
- Timestamp:
- Jun 4, 2022, 11:16:59 PM (2 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #65297, comment 1
initial v1 1 1 Here's pseudo-code to show how `ssl_validate_cert()` currently works (on Openssl 1.1.0 or greater): 2 2 3 {{{ 3 4 for (each field in `cert`'s "subject name") { 4 5 var ret = NIL … … 18 19 } 19 20 } 21 }}} 20 22 21 23 This is badly messed up. If `cert` doesn't have any `subject_alt_name` extensions, `ssl_validate_cert()` fails at the first "subject name" field that doesn't match `host`. Even if it does have these extensions, and one matches, `ssl_validate_cert()` unnecessarily continues iterating through the "subject name" fields.