summary refs log tree commit diff
path: root/tls_verify.c
diff options
context:
space:
mode:
Diffstat (limited to 'tls_verify.c')
-rw-r--r--tls_verify.c26
1 files changed, 15 insertions, 11 deletions
diff --git a/tls_verify.c b/tls_verify.c
index dbc37d8..0cb86f6 100644
--- a/tls_verify.c
+++ b/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.20 2018/02/05 00:52:24 jsing Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.23 2023/05/11 07:35:27 tb Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  *
@@ -115,7 +115,7 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 
 	count = sk_GENERAL_NAME_num(altname_stack);
 	for (i = 0; i < count; i++) {
-		GENERAL_NAME	*altname;
+		GENERAL_NAME *altname;
 
 		altname = sk_GENERAL_NAME_value(altname_stack, i);
 
@@ -126,8 +126,8 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 			continue;
 
 		if (type == GEN_DNS) {
-			const unsigned char	*data;
-			int		 format, len;
+			const unsigned char *data;
+			int format, len;
 
 			format = ASN1_STRING_type(altname->d.dNSName);
 			if (format == V_ASN1_IA5STRING) {
@@ -171,8 +171,8 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 			}
 
 		} else if (type == GEN_IPADD) {
-			const unsigned char	*data;
-			int		 datalen;
+			const unsigned char *data;
+			int datalen;
 
 			datalen = ASN1_STRING_length(altname->d.iPAddress);
 			data = ASN1_STRING_get0_data(altname->d.iPAddress);
@@ -209,7 +209,7 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 	char *common_name = NULL;
 	union tls_addr addrbuf;
 	int common_name_len;
-	int rv = 0;
+	int rv = -1;
 
 	*cn_match = 0;
 
@@ -223,8 +223,10 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 		goto done;
 
 	common_name = calloc(common_name_len + 1, 1);
-	if (common_name == NULL)
-		goto done;
+	if (common_name == NULL) {
+		tls_set_error(ctx, "out of memory");
+		goto err;
+	}
 
 	X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
 	    common_name_len + 1);
@@ -235,8 +237,7 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 		tls_set_errorx(ctx, "error verifying name '%s': "
 		    "NUL byte in Common Name field, "
 		    "probably a malicious certificate", name);
-		rv = -1;
-		goto done;
+		goto err;
 	}
 
 	/*
@@ -254,6 +255,9 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 		*cn_match = 1;
 
  done:
+	rv = 0;
+
+ err:
 	free(common_name);
 	return rv;
 }