mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-02-23 15:10:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

clarify the description of the null byte in cert name fix

Browse Source
This commit is contained in:
Daniel Stenberg 2009-08-01 22:18:37 +00:00
parent 6d891d2a3b
commit aabf62e7d2
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -27,8 +27,10 @@ Daniel Stenberg (1 Aug 2009)
if the name in the cert was "example.com\0theatualsite.com", libcurl would if the name in the cert was "example.com\0theatualsite.com", libcurl would
happily verify that cert for example.com. happily verify that cert for example.com.
libcurl now better use the length of the extracted name, not assuming it is libcurl now better uses the length of the extracted name, not using the zero
zero terminated. termination for getting the string length.
This fixing only made and needed in OpenSSL interfacing code.
- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we only in some OpenSSL installs - like on Windows) isn't thread-safe and we