[vlc-commits] GnuTLS: fix server assertion failure in client certificate verification

Rémi Denis-Courmont git at videolan.org
Sat Jul 23 13:09:23 CEST 2011


vlc/vlc-1.1 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sat Jul 23 14:01:54 2011 +0300| [f8eedf5e04d8f622030982fb59389d07816a5a44] | committer: Rémi Denis-Courmont

GnuTLS: fix server assertion failure in client certificate verification

(cherry picked from commit 72c07065860ad8e70674714532da05e373acdc88)

Plus an extra security check.

> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.1.git/?a=commit;h=f8eedf5e04d8f622030982fb59389d07816a5a44
---

 modules/misc/gnutls.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 1b3cae8..d07103c 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -356,8 +356,8 @@ gnutls_HandshakeAndValidate( tls_session_t *session )
         goto error;
     }
 
-    assert( p_sys->psz_hostname != NULL );
-    if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
+    if( p_sys->psz_hostname != NULL
+     && !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
     {
         msg_Err( session, "Certificate does not match \"%s\"",
                  p_sys->psz_hostname );
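Review bot: with the new condition `p_sys->psz_hostname != NULL && ...`, a NULL hostname makes the handshake skip the certificate name check entirely instead of failing, and nothing in this hunk says when that is legitimate. A comment above the `if` should state that NULL is expected only for a server session verifying a client certificate. It is also worth confirming that every client path sets `p_sys->psz_hostname`: the check added in OpenClient tests the local `servername`, and the link between that variable and `psz_hostname` is not visible in this patch. If a client session can ever reach this point with a NULL hostname, the peer certificate would be accepted for any name.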
@@ -731,7 +731,7 @@ static int OpenClient (vlc_object_t *obj)
 
     char *servername = var_GetNonEmptyString (p_session, "tls-server-name");
     if (servername == NULL )
-        msg_Err (p_session, "server name missing for TLS session");
+        abort ();
     else
         gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS,
                                 servername, strlen (servername));
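Review bot: replacing `msg_Err` with a bare `abort ()` in the `servername == NULL` branch terminates the whole process without logging why. Since `servername` comes from `var_GetNonEmptyString`, an unset or empty "tls-server-name" variable now takes the process down silently. Suggest keeping the `msg_Err` line ahead of the `abort ()`, or, if a caller can legitimately omit the variable, failing OpenClient with an error return rather than aborting. If the intent is that a missing name is a programming error in the caller, a one-line comment saying so would make the hard stop easier to understand.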


