diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2015-01-06 15:29:28 -0500 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-01-06 15:29:28 -0500 |
| commit | 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1 (patch) | |
| tree | 0949505186dda05681fd72f4e79462c478470a46 /crypto/x509v3 | |
| parent | a09474dd2df89d5719b58bf6b3110344ea046ab9 (diff) | |
RT3662: Allow leading . in nameConstraints
Change by SteveH from original by John Denker (in the RT)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/x509v3')
| -rw-r--r-- | crypto/x509v3/v3_ncons.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 06520fee41..25c1855149 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -405,7 +405,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) if (dns->length > base->length) { dnsptr += dns->length - base->length; - if (dnsptr[-1] != '.') + if (*baseptr != '.' && dnsptr[-1] != '.') return X509_V_ERR_PERMITTED_VIOLATION; } |