From c47559dc34fd1e93c467664270ec9aef5693ba5c Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Wed, 5 Aug 2009 22:55:43 +0000
Subject: Use sdump to display non-printing characters in certificate subject names.
svn path=/branches/BRANCH_6-3/; revision=5393
---
 NEWS | 3 +++
 socket.c | 20 ++++++++++++++------
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/NEWS b/NEWS
index 701339a2..46d97ea2 100644
--- a/NEWS
+++ b/NEWS
@@ -60,6 +60,9 @@ fetchmail 6.3.11 (released XXXX-XX-XX - i. e. not yet):
 * Remove the spurious message "message delimiter found while scanning headers". RFC-5322 syntax states that the delimiter is part of the body, and the body is optional.
+* Convert all non-printable characters in certificate Subject/Issuer
+ Common Name or Subject Alternative Name fields to ANSI-C hex escapes (\xnn,
+ where nn are hex digits).
 # TRANSLATION UPDATES AND ADDITIONS (ordered by language name):
 * [zh_CN] Chinese/Simplified (Ji ZhengYu)
diff --git a/socket.c b/socket.c
index 45f03a6b..dd025356 100644
--- a/socket.c
+++ b/socket.c
@@ -52,6 +52,7 @@
 #include "fetchmail.h"
 #include "getaddrinfo.h"
 #include "i18n.h"
+#include "sdump.h"
 /* Defines to allow BeOS and Cygwin to play nice... */
 #ifdef __BEOS__
@@ -598,6 +599,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 const EVP_MD *digest_tp;
 unsigned int dsz, esz;
 X509_NAME *subj, *issuer;
+ char *tt;
 x509_cert = X509_STORE_CTX_get_current_cert(ctx);
 err = X509_STORE_CTX_get_error(ctx);
@@ -611,13 +613,15 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 if (outlevel >= O_VERBOSE) {
 if ((i = X509_NAME_get_text_by_NID(issuer, NID_organizationName, buf, sizeof(buf))) != -1) {
- report(stdout, GT_("Issuer Organization: %s\n"), buf);
+ report(stdout, GT_("Issuer Organization: %s\n"), (tt = sdump(buf, i)));
+ xfree(tt);
 if ((size_t)i >= sizeof(buf) - 1) report(stdout, GT_("Warning: Issuer Organization Name too long (possibly truncated).\n"));
 } else report(stdout, GT_("Unknown Organization\n"));
 if ((i = X509_NAME_get_text_by_NID(issuer, NID_commonName, buf, sizeof(buf))) != -1) {
- report(stdout, GT_("Issuer CommonName: %s\n"), buf);
+ report(stdout, GT_("Issuer CommonName: %s\n"), (tt = sdump(buf, i)));
+ xfree(tt);
 if ((size_t)i >= sizeof(buf) - 1) report(stdout, GT_("Warning: Issuer CommonName too long (possibly truncated).\n"));
 } else
@@ -625,7 +629,8 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 }
 if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) != -1) {
 if (outlevel >= O_VERBOSE)
- report(stdout, GT_("Server CommonName: %s\n"), buf);
+ report(stdout, GT_("Server CommonName: %s\n"), (tt = sdump(buf, i)));
+ xfree(tt);
 if ((size_t)i >= sizeof(buf) - 1) {
 /* Possible truncation. In this case, this is a DNS name, so this
 * is really bad. We do not tolerate this even in the non-strict case. */
@@ -662,8 +667,10 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 sk_GENERAL_NAME_free(gens);
 return 0;
 }
- if (outlevel >= O_VERBOSE)
- report(stdout, GT_("Subject Alternative Name: %s\n"), p1);
+ if (outlevel >= O_VERBOSE) {
+ report(stdout, GT_("Subject Alternative Name: %s\n"), (tt = sdump(p1, (size_t)gn->d.ia5->length)));
+ xfree(tt);
+ }
 if (*p1 == '*') {
 ++p1;
 n = strlen(p2) - strlen(p1);
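Review bot: The `(tt = sdump(buf, i))` assignment buried in the report() argument list, in both the Issuer Organization and Issuer CommonName branches, makes it easy to miss who owns the escaped copy; the same idiom recurs in the Server CommonName, Subject Alternative Name and mismatch hunks. Assigning first keeps the allocation and the free visibly paired: `tt = sdump(buf, i);` then `report(stdout, GT_("Issuer Organization: %s\n"), tt);` then `xfree(tt);`. A comment at the declaration such as `/* escaped copy returned by sdump(), released with xfree() */` would record the ownership, assuming sdump() returns heap memory as the xfree() calls imply (its contract is not shown in this diff). The enclosing function starts and ends outside the hunk.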
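Review bot: In the Server CommonName branch the added `xfree(tt);` is not governed by the braceless `if (outlevel >= O_VERBOSE)`, so it runs on every call while `tt` is only assigned when verbose output is enabled. `tt` is declared as `char *tt;` with no initializer, so on the non-verbose path an indeterminate pointer reaches xfree() (whose definition is not visible here) while the peer's certificate is being verified. Brace the pair the way the Subject Alternative Name hunk already does, `if (outlevel >= O_VERBOSE) {` ... `xfree(tt);` `}`, and consider `char *tt = NULL;` at the declaration as a second line of defence. The function body continues outside the hunk.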
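Review bot: The Subject Alternative Name is now printed using the ASN.1 length (`gn->d.ia5->length`) while the wildcard match just below still measures `p1` with strlen(), and nothing in the hunk explains the difference. A comment above the report() call would help, for example `/* dump the whole IA5String by its ASN.1 length so bytes after an embedded NUL are visible */`. The `return 0;` in the leading context suggests a rejection path precedes this point, but it is outside the hunk; it is worth confirming that names whose strlen() differs from the ASN.1 length are refused there, since otherwise the name shown and the name matched could differ.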
@@ -689,7 +696,8 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 if (!matched) {
 report(stderr, GT_("Server CommonName mismatch: %s != %s\n"),
- buf, _ssl_server_cname );
+ (tt = sdump(buf, i)), _ssl_server_cname );
+ xfree(tt);
 if (ok_return && strict) return (0);
 }
-- cgit v1.2.3
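Review bot: `sdump(buf, i)` in the mismatch message depends on `i` still holding the CommonName length that X509_NAME_get_text_by_NID() returned much earlier in the function; the Subject Alternative Name handling sits between the two and is mostly outside this diff. If `i` is reused there, the escaped name would be cut short or the dump would run past the bytes that were copied into `buf`. Confirm that `i` is untouched on this path, or capture the length in a dedicated variable where the CommonName is read and pass that here. The enclosing block starts outside the hunk.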