RT3662: Allow leading . in nameConstraints

Change by SteveH from original by John Denker (in the RT) Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1)
author: Dr. Stephen Henson <steve@openssl.org> 2015-01-06 15:29:28 -0500
committer: Rich Salz <rsalz@openssl.org> 2015-01-10 16:03:05 -0500
commit: 8fb2c9922a9c598fb34369a1f9f3cacb3a394eec (patch)
tree: 513d10daac5f826072c208e5c26c283c2cdfd6ed
parent: a97c208c5ad7e7e339eb4683819718100cd92b29 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index a01dc64dd2..3b0f1bd1bd 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -401,7 +401,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
 	if (dns->length > base->length)
 		{
 		dnsptr += dns->length - base->length;
-		if (dnsptr[-1] != '.')
+		if (*baseptr != '.' && dnsptr[-1] != '.')
 			return X509_V_ERR_PERMITTED_VIOLATION;
 		}
author	Dr. Stephen Henson <steve@openssl.org>	2015-01-06 15:29:28 -0500
committer	Rich Salz <rsalz@openssl.org>	2015-01-10 16:03:05 -0500
commit	8fb2c9922a9c598fb34369a1f9f3cacb3a394eec (patch)
tree	513d10daac5f826072c208e5c26c283c2cdfd6ed
parent	a97c208c5ad7e7e339eb4683819718100cd92b29 (diff)