diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-01-06 15:29:28 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-01-10 16:03:05 -0500 |
commit | 8fb2c9922a9c598fb34369a1f9f3cacb3a394eec (patch) | |
tree | 513d10daac5f826072c208e5c26c283c2cdfd6ed | |
parent | a97c208c5ad7e7e339eb4683819718100cd92b29 (diff) |
RT3662: Allow leading . in nameConstraints
Change by SteveH from original by John Denker (in the RT)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1)
-rw-r--r-- | crypto/x509v3/v3_ncons.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index a01dc64dd2..3b0f1bd1bd 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -401,7 +401,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) if (dns->length > base->length) { dnsptr += dns->length - base->length; - if (dnsptr[-1] != '.') + if (*baseptr != '.' && dnsptr[-1] != '.') return X509_V_ERR_PERMITTED_VIOLATION; } |