commit | 824f7f366d1b54d2d3100c3130c04cf1dfb4b47c | [log] [tgz] |
---|---|---|
author | Christian Heimes <christian@cheimes.de> | Sat Aug 17 00:54:47 2013 +0200 |
committer | Christian Heimes <christian@cheimes.de> | Sat Aug 17 00:54:47 2013 +0200 |
tree | 7ad3483f5c37f77f2d0aa79772c0d07e2c5394dd | |
parent | 29c3fc5d8f9e14e10783ab0ecc1bd15e1144cd07 [diff] |
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).