SSL: explicit handling of empty names.

author Maxim Dounin <mdounin@mdounin.ru>

Wed, 23 Apr 2014 16:31:31 +0000 (20:31 +0400)

committer Maxim Dounin <mdounin@mdounin.ru>

Wed, 23 Apr 2014 16:31:31 +0000 (20:31 +0400)
author Maxim Dounin <mdounin@mdounin.ru>
Wed, 23 Apr 2014 16:31:31 +0000 (20:31 +0400)
committer Maxim Dounin <mdounin@mdounin.ru>
Wed, 23 Apr 2014 16:31:31 +0000 (20:31 +0400)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c

index f885a5c7f5d947ca37ce618e20d06b860994b88c..88472fc90c1e9b43d9c7a3dcb2bcbf92249bf903 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2504,6 +2504,10 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
  
      /* X509_check_host() is only available in OpenSSL 1.0.2+ */
  
+    if (name->len == 0) {
+        goto failed;
+    }
+
      if (X509_check_host(cert, name->data, name->len, 0) != 1) {
          ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                         "X509_check_host(): no match");
author	Maxim Dounin <mdounin@mdounin.ru>
	Wed, 23 Apr 2014 16:31:31 +0000 (20:31 +0400)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Wed, 23 Apr 2014 16:31:31 +0000 (20:31 +0400)