Project

General

Profile

« Previous | Next » 

Revision ce8c46b4

Added by usa (Usaku NAKAMURA) over 10 years ago

merge revision(s) 41805: [Backport #8575]

    * lib/openssl/ssl.rb: Fix SSL client connection crash for SAN marked
      critical.
      The patch for CVE-2013-4073 caused SSL crash when a SSL server returns
      the certificate that has critical SAN value.  X509 extension could
      include 2 or 3 elements in it:
      [id, criticality, octet_string] if critical,
      [id, octet_string] if not.
      Making sure to pick the last element of X509 extension and use it as
      SAN value.
      [ruby-core:55685] [Bug #8575]
      Thank you @nahi for providing the patch!

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@42016 b2dd03c8-39d4-4d8f-98ff-823fe69b080e