[omniORB] patch for sslConnection.cc, v2

Wei Jiang sdjiangwei at gmail.com
Fri May 1 21:45:13 BST 2009


> Can you explain the other things?  I'm not convinced it's right to try
> to translate the common name to the native code set. What if it can't be
> represented in the native code set?

    char buf[1024];

    X509_NAME_get_text_by_NID(X509_get_subject_name(peer_cert),
                              NID_commonName, buf, sizeof(buf));

    pd_peeridentity = CORBA::string_dup(buf);
    X509_free(peer_cert);

We can sign a cert without a commonName using OpenSSL.
X509_NAME_get_text_by_NID will return -1 if there is no commonName in
peer_cert; CORBA::string_dup(buf) then copies junk from buf to
pd_peeridentity, which may result in an Access Violation.


Copied from the manual pages:
"
NOTES
       X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are legacy
       functions which have various limitations which make them of minimal use
       in practice. They can only find the first matching entry and will copy
       the contents of the field verbatim: this can be highly confusing if the
       target is a multicharacter string type like a BMPString or a UTF8String.
"
NID_commonName in peer_cert may be encoded with any codeset that
OpenSSL supports. I think we should convert it to the native codeset
here.