From: Beat Bolli <dev+git@drbeat.li>
To: git@vger.kernel.org
Cc: Beat Bolli <dev+git@drbeat.li>,
Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Subject: [PATCH 3/4] imap-send: remove two string length checks
Date: Wed, 11 Mar 2026 13:11:06 +0100 [thread overview]
Message-ID: <20260311121107.1122387-4-dev+git@drbeat.li> (raw)
In-Reply-To: <20260311121107.1122387-1-dev+git@drbeat.li>
At this point, these two checks verify that the ASN1_STRINGs are
internally consistent. This may have been ok when the fields were
accessed directly, but now that the API is used, is unnecessary.
Remove the two checks.
Signed-off-by: Beat Bolli <dev+git@drbeat.li>
---
imap-send.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/imap-send.c b/imap-send.c
index 2a904314dd..2bb0003f08 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -253,8 +253,6 @@ static int verify_hostname(X509 *cert, const char *hostname)
ASN1_STRING *subj_alt_str = GENERAL_NAME_get0_value(subj_alt_name, &ntype);
if (ntype == GEN_DNS &&
- strlen((const char *)ASN1_STRING_get0_data(subj_alt_str)) ==
- ASN1_STRING_length(subj_alt_str) &&
host_matches(hostname, (const char *)ASN1_STRING_get0_data(subj_alt_str)))
found = 1;
}
@@ -270,8 +268,7 @@ static int verify_hostname(X509 *cert, const char *hostname)
(cname_entry = X509_NAME_get_entry(subj, i)) == NULL ||
(cname = X509_NAME_ENTRY_get_data(cname_entry)) == NULL)
return error("cannot get certificate common name");
- if (strlen((const char *)ASN1_STRING_get0_data(cname)) == ASN1_STRING_length(cname) &&
- host_matches(hostname, (const char *)ASN1_STRING_get0_data(cname)))
+ if (host_matches(hostname, (const char *)ASN1_STRING_get0_data(cname)))
return 0;
return error("certificate owner '%s' does not match hostname '%s'",
ASN1_STRING_get0_data(cname), hostname);
--
2.51.0
next prev parent reply other threads:[~2026-03-11 12:15 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-11 12:11 [PATCH 0/4] imap-send: modernize the OpenSSL API Beat Bolli
2026-03-11 12:11 ` [PATCH 1/4] imap-send: use the OpenSSL API to access the subject alternative names Beat Bolli
2026-03-11 12:11 ` [PATCH 2/4] imap-send: use the OpenSSL API to access the subject common name Beat Bolli
2026-03-11 12:11 ` Beat Bolli [this message]
2026-03-11 13:41 ` [PATCH 3/4] imap-send: remove two string length checks Oswald Buddenhagen
2026-03-11 21:49 ` Beat Bolli
2026-03-11 18:55 ` Junio C Hamano
2026-03-11 22:00 ` Beat Bolli
2026-03-11 12:11 ` [PATCH 4/4] imap-send: refactor function host_matches() Beat Bolli
2026-03-11 22:10 ` [PATCH v2 0/3] imap-send: modernize the OpenSSL API Beat Bolli
2026-03-12 0:25 ` Junio C Hamano
2026-03-11 22:10 ` [PATCH v2 1/3] imap-send: use the OpenSSL API to access the subject alternative names Beat Bolli
2026-03-11 22:10 ` [PATCH v2 2/3] imap-send: use the OpenSSL API to access the subject common name Beat Bolli
2026-03-11 22:10 ` [PATCH v2 3/3] imap-send: move common code into function host_matches() Beat Bolli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260311121107.1122387-4-dev+git@drbeat.li \
--to=dev+git@drbeat.li \
--cc=git@vger.kernel.org \
--cc=oswald.buddenhagen@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox