Patch curl certificate CN verification
From 911714d617
Fixes https://github.com/NixOS/nixpkgs/issues/167971
This commit is contained in:
parent
c3a33d9bb4
commit
0fad2b34c4
2 changed files with 31 additions and 0 deletions
30
pkgs/tools/networking/curl/7.82.0-openssl-fix-CN-check.patch
Normal file
30
pkgs/tools/networking/curl/7.82.0-openssl-fix-CN-check.patch
Normal file
|
@ -0,0 +1,30 @@
|
|||
From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 8 Mar 2022 13:38:13 +0100
|
||||
Subject: [PATCH] openssl: fix CN check error code
|
||||
|
||||
Due to a missing 'else' this returns error too easily.
|
||||
|
||||
Regressed in: d15692ebb
|
||||
|
||||
Reported-by: Kristoffer Gleditsch
|
||||
Fixes #8559
|
||||
Closes #8560
|
||||
---
|
||||
lib/vtls/openssl.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
||||
index 0b79fc50a9c5..4618beeb3867 100644
|
||||
--- a/lib/vtls/openssl.c
|
||||
+++ b/lib/vtls/openssl.c
|
||||
@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
|
||||
memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
|
||||
peer_CN[peerlen] = '\0';
|
||||
}
|
||||
- result = CURLE_OUT_OF_MEMORY;
|
||||
+ else
|
||||
+ result = CURLE_OUT_OF_MEMORY;
|
||||
}
|
||||
}
|
||||
else /* not a UTF8 name */
|
|
@ -66,6 +66,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
patches = [
|
||||
./7.79.1-darwin-no-systemconfiguration.patch
|
||||
./7.82.0-openssl-fix-CN-check.patch
|
||||
];
|
||||
|
||||
outputs = [ "bin" "dev" "out" "man" "devdoc" ];
|
||||
|
|
Loading…
Reference in a new issue