[omniORB] patch for sslConnection.cc, v2
Wei Jiang
sdjiangwei at gmail.com
Fri May 1 21:45:13 BST 2009
> Can you explain the other things? I'm not convinced it's right to try
> to translate the common name to the native code set. What if it can't be
> represented in the native code set?
    char buf[1024];

    X509_NAME_get_text_by_NID(X509_get_subject_name(peer_cert),
                              NID_commonName, buf, sizeof(buf));

    pd_peeridentity = CORBA::string_dup(buf);
    X509_free(peer_cert);
We can sign a cert without a commonName using OpenSSL.
X509_NAME_get_text_by_NID will return -1 if there is no commonName in
peer_cert; CORBA::string_dup(buf) then copies junk from buf to
pd_peeridentity, which may result in an Access Violation.
Copied from the manual pages:
"
NOTES
X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are legacy
functions which have various limitations which make them of minimal use
in practice. They can only find the first matching entry and will copy
the contents of the field verbatim: this can be highly confusing if the
target is a multicharacter string type like a BMPString or a UTF8String.
"
The NID_commonName in peer_cert may be encoded with any codeset that
OpenSSL supports. I think we should convert it to the native codeset
here.