moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

clarify the description of the null byte in cert name fix

This commit is contained in:
Daniel Stenberg 2009-08-01 22:18:37 +00:00
parent 6d891d2a3b
commit aabf62e7d2
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -27,8 +27,10 @@ Daniel Stenberg (1 Aug 2009)
if the name in the cert was "example.com\0theatualsite.com", libcurl would
happily verify that cert for example.com.
libcurl now better use the length of the extracted name, not assuming it is
zero terminated.
libcurl now better uses the length of the extracted name, not using the zero
termination for getting the string length.
This fixing only made and needed in OpenSSL interfacing code.
- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we