20034N/A--- w3m-0.5.2/istream.c 2007-05-23 23:06:05.000000000 +0800
20034N/A+++ w3m-0.5.3/istream.c 2011-01-04 17:22:22.000000000 +0800
20034N/A@@ -1,4 +1,4 @@
20034N/A-/* $Id: istream.c,v 1.26 2007/05/23 15:06:05 inu Exp $ */
20034N/A+/* $Id: istream.c,v 1.27 2010/07/18 13:43:23 htrb Exp $ */
20034N/A #include "fm.h"
20034N/A #include "myctype.h"
20034N/A #include "istream.h"
20034N/A@@ -447,8 +447,17 @@
20034N/A
20034N/A if (!seen_dnsname)
20034N/A seen_dnsname = Strnew();
20034N/A+ /* replace \0 to make full string visible to user */
20034N/A+ if (sl != strlen(sn)) {
20034N/A+ int i;
20034N/A+ for (i = 0; i < sl; ++i) {
20034N/A+ if (!sn[i])
20034N/A+ sn[i] = '!';
20034N/A+ }
20034N/A+ }
20034N/A Strcat_m_charp(seen_dnsname, sn, " ", NULL);
20034N/A- if (ssl_match_cert_ident(sn, sl, hostname))
20034N/A+ if (sl == strlen(sn) /* catch \0 in SAN */
20034N/A+ && ssl_match_cert_ident(sn, sl, hostname))
20034N/A break;
20034N/A }
20034N/A }
20034N/A@@ -466,16 +475,27 @@
20034N/A if (match_ident == FALSE && ret == NULL) {
20034N/A X509_NAME *xn;
20034N/A char buf[2048];
20034N/A+ int slen;
20034N/A
20034N/A xn = X509_get_subject_name(x);
20034N/A
20034N/A- if (X509_NAME_get_text_by_NID(xn, NID_commonName,
20034N/A- buf, sizeof(buf)) == -1)
20034N/A+ slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
20034N/A+ if ( slen == -1)
20034N/A /* FIXME: gettextize? */
20034N/A ret = Strnew_charp("Unable to get common name from peer cert");
20034N/A- else if (!ssl_match_cert_ident(buf, strlen(buf), hostname))
20034N/A+ else if (slen != strlen(buf)
20034N/A+ || !ssl_match_cert_ident(buf, strlen(buf), hostname)) {
20034N/A+ /* replace \0 to make full string visible to user */
20034N/A+ if (slen != strlen(buf)) {
20034N/A+ int i;
20034N/A+ for (i = 0; i < slen; ++i) {
20034N/A+ if (!buf[i])
20034N/A+ buf[i] = '!';
20034N/A+ }
20034N/A+ }
20034N/A /* FIXME: gettextize? */
20034N/A ret = Sprintf("Bad cert ident %s from %s", buf, hostname);
20034N/A+ }
20034N/A else
20034N/A match_ident = TRUE;
20034N/A }