Bug #8750 » 8750.patch
test/openssl/test_ssl.rb | ||
---|---|---|
[true, false].each do |criticality|
|
||
cert = create_null_byte_SAN_certificate(criticality)
|
||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com'))
|
||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com\0.evil.com'))
|
||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, "www.example.com\0.evil.com"))
|
||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255'))
|
||
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1'))
|
||
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
|
||
... | ... | |
ext_asn1 = OpenSSL::ASN1.decode(ext.to_der)
|
||
san_list_der = ext_asn1.value.reduce(nil) { |memo,val| val.tag == 4 ? val.value : memo }
|
||
san_list_asn1 = OpenSSL::ASN1.decode(san_list_der)
|
||
san_list_asn1.value[0].value = 'www.example.com\0.evil.com'
|
||
san_list_asn1.value[0].value = "www.example.com\0.evil.com"
|
||
pos = critical ? 2 : 1
|
||
ext_asn1.value[pos].value = san_list_asn1.to_der
|
||
real_ext = OpenSSL::X509::Extension.new ext_asn1
|
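Review bot: Neither hunk records why the quoting of the `\0.evil.com` literals matters, so the mistake can come back unnoticed: in Ruby `'www.example.com\0.evil.com'` holds a backslash followed by the digit 0, and only the double-quoted form holds a real NUL byte. Assuming the double-quoted lines are the new side, both the SAN assignment in the helper and the matching `verify_certificate_identity` assertion would benefit from a comment such as `# double quotes required: "\0" must be a real NUL byte; '\0' is a backslash and a 0`. The helper could also fail fast when the fixture is wrong, e.g. `raise "SAN fixture lacks a NUL byte" unless san_list_asn1.value[0].value.include?("\0")`, because with the single-quoted value the identity assertions would presumably still pass while the embedded-NUL case is never exercised. Both the test method and the helper start and end outside the lines shown here.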