--- w3m-0.5.2/istream.c 2007-05-23 23:06:05.000000000 +0800

+++ w3m-0.5.3/istream.c 2011-01-04 17:22:22.000000000 +0800

@@ -1,4 +1,4 @@

-/* $Id: istream.c,v 1.26 2007/05/23 15:06:05 inu Exp $ */

+/* $Id: istream.c,v 1.27 2010/07/18 13:43:23 htrb Exp $ */

#include "fm.h"

#include "myctype.h"

#include "istream.h"

@@ -447,8 +447,17 @@

if (!seen_dnsname)

seen_dnsname = Strnew();

+ /* replace \0 to make full string visible to user */

+ if (sl != strlen(sn)) {

+ int i;

+ for (i = 0; i < sl; ++i) {

+ if (!sn[i])

+ sn[i] = '!';

+ }

+ }

Strcat_m_charp(seen_dnsname, sn, " ", NULL);

- if (ssl_match_cert_ident(sn, sl, hostname))

+ if (sl == strlen(sn) /* catch \0 in SAN */

+ && ssl_match_cert_ident(sn, sl, hostname))

break;

}

}

@@ -466,16 +475,27 @@

if (match_ident == FALSE && ret == NULL) {

X509_NAME *xn;

char buf[2048];

+ int slen;

xn = X509_get_subject_name(x);

- if (X509_NAME_get_text_by_NID(xn, NID_commonName,

- buf, sizeof(buf)) == -1)

+ slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));

+ if ( slen == -1)

/* FIXME: gettextize? */

ret = Strnew_charp("Unable to get common name from peer cert");

- else if (!ssl_match_cert_ident(buf, strlen(buf), hostname))

+ else if (slen != strlen(buf)

+ || !ssl_match_cert_ident(buf, strlen(buf), hostname)) {

+ /* replace \0 to make full string visible to user */

+ if (slen != strlen(buf)) {

+ int i;

+ for (i = 0; i < slen; ++i) {

+ if (!buf[i])

+ buf[i] = '!';

+ }

+ }

/* FIXME: gettextize? */

ret = Sprintf("Bad cert ident %s from %s", buf, hostname);

+ }

else

match_ident = TRUE;

}