From 4b627903047bbb74804f05fc7039c25b4ff1cc96 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Wed, 5 Aug 2009 23:43:28 +0000 Subject: Clearsign fetchmail-SA-2009-01.txt. svn path=/branches/BRANCH_6-3/; revision=5398 --- fetchmail-SA-2009-01.txt | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/fetchmail-SA-2009-01.txt b/fetchmail-SA-2009-01.txt index f1293e53..de94187a 100644 --- a/fetchmail-SA-2009-01.txt +++ b/fetchmail-SA-2009-01.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2009-01: Improper SSL certificate subject verification Topics: Improper SSL certificate subject verification @@ -129,7 +132,7 @@ so try this if the patch does not apply. Index: socket.c =================================================================== ---- ./socket.c~ +- --- ./socket.c~ +++ ./socket.c @@ -632,6 +632,12 @@ report(stderr, GT_("Bad certificate: Subject CommonName too long!\n")); @@ -148,9 +151,9 @@ Index: socket.c * first find a match among alternative names */ gens = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i(x509_cert, NID_subject_alt_name, NULL, NULL); if (gens) { -- int i, r; -- for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) { -- const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i); +- - int i, r; +- - for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) { +- - const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i); + int j, r; + for (j = 0, r = sk_GENERAL_NAME_num(gens); j < r; ++j) { + const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, j); @@ -168,3 +171,10 @@ Index: socket.c report(stderr, "Subject Alternative Name: %s\n", p1); END OF fetchmail-SA-2009-01.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.9 (GNU/Linux) + +iEYEARECAAYFAkp6GP8ACgkQvmGDOQUufZVuQwCgsD/kO/+KHC0/gopx/uiQr9V7 +mXAAnjH6G5DfcxAjCzjmt9DKZHGsqoNv +=6zGh +-----END PGP SIGNATURE----- -- cgit v1.2.3