
Remove trailing "." from SAN and CN

Tatsuhiro Tsujikawa 9 lat temu
rodzic
commit
aab2472390
2 zmienionych plików z 39 dodań i 1 usunięć
  1. 19 1
      src/LibgnutlsTLSSession.cc
  2. 20 0
      src/LibsslTLSSession.cc

+ 19 - 1
src/LibgnutlsTLSSession.cc

@@ -313,6 +313,17 @@ int GnuTLSSession::tlsConnect(const std::string& hostname, TLSVersion& version,
       ret = gnutls_x509_crt_get_subject_alt_name(cert, i, altName, &altNameLen,
                                                  nullptr);
       if (ret == GNUTLS_SAN_DNSNAME) {
+        if (altNameLen == 0) {
+          continue;
+        }
+
+        if (altName[altNameLen - 1] == '.') {
+          --altNameLen;
+          if (altNameLen == 0) {
+            continue;
+          }
+        }
+
         dnsNames.push_back(std::string(altName, altNameLen));
       }
       else if (ret == GNUTLS_SAN_IPADDRESS) {
@@ -323,7 +334,14 @@ int GnuTLSSession::tlsConnect(const std::string& hostname, TLSVersion& version,
     ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
                                         altName, &altNameLen);
     if (ret == 0) {
-      commonName.assign(altName, altNameLen);
+      if (altNameLen > 0) {
+        if (altName[altNameLen - 1] == '.') {
+          --altNameLen;
+          if (altNameLen > 0) {
+            commonName.assign(altName, altNameLen);
+          }
+        }
+      }
     }
     if (!net::verifyHostname(hostname, dnsNames, ipAddrs, commonName)) {
       handshakeErr = "hostname does not match";
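Review bot: The rewritten CN block in the second hunk (around the `commonName.assign` line) only assigns `commonName` when the name ends in a dot: the assignment sits inside the `altName[altNameLen - 1] == '.'` branch, so a CN without a trailing dot (e.g. `example.com`, constructed example) now leaves `commonName` empty and `net::verifyHostname` on the following line has no CN to match, which would make the handshake fail for certificates that carry the host only in the CN. The OpenSSL counterpart in src/LibsslTLSSession.cc strips first and assigns afterwards, which is the intended shape; here that is `if (altNameLen > 0 && altName[altNameLen - 1] == '.') { --altNameLen; }` followed by `if (altNameLen > 0) { commonName.assign(altName, altNameLen); }` in place of the nested block. The same strip-one-trailing-dot logic now appears four times across the two files, so a small shared helper taking a pointer and a length would keep the SAN and CN paths from drifting again. tlsConnect begins and ends outside the hunks.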

+ 20 - 0
src/LibsslTLSSession.cc

@@ -259,6 +259,15 @@ int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
             continue;
           }
           size_t len = ASN1_STRING_length(altName->d.ia5);
+          if (len == 0) {
+            continue;
+          }
+          if (name[len - 1] == '.') {
+            --len;
+            if (len == 0) {
+              continue;
+            }
+          }
           dnsNames.push_back(std::string(name, len));
         }
         else if (altName->type == GEN_IPADD) {
@@ -290,6 +299,17 @@ int OpenSSLTLSSession::tlsConnect(const std::string& hostname,
       if (outlen < 0) {
         continue;
       }
+      if (outlen == 0) {
+        OPENSSL_free(out);
+        continue;
+      }
+      if (out[outlen - 1] == '.') {
+        --outlen;
+        if (outlen == 0) {
+          OPENSSL_free(out);
+          continue;
+        }
+      }
       commonName.assign(&out[0], &out[outlen]);
       OPENSSL_free(out);
       break;
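Review bot: The second hunk (CN handling) now has three exit paths that must each call `OPENSSL_free(out)`, and the existing `if (outlen < 0) continue;` path relies on `out` not having been allocated on a negative return; a future edit that adds another `continue` between the allocation and the `break` will leak. Owning `out` with a scope guard right after the sign check removes the duplicated frees; since `OPENSSL_free` can be a macro in older OpenSSL versions, wrap it in a captureless lambda rather than taking its address. I am assuming `out` is `unsigned char*` from the allocating call above the hunk, which is not visible here, so adjust the pointer type if it differs; `<memory>` must be in scope. The function tlsConnect starts and ends outside the hunk.
```cpp
      if (outlen < 0) {
        continue;
      }
      // Release `out` on every exit path below; OPENSSL_free may be a macro, so
      // wrap it in a lambda instead of taking its address.
      std::unique_ptr<unsigned char, void (*)(void*)> outOwner(
          out, [](void* p) { OPENSSL_free(p); });
      if (outlen == 0) {
        continue;
      }
      if (out[outlen - 1] == '.') {
        --outlen;
        if (outlen == 0) {
          continue;
        }
      }
      commonName.assign(&out[0], &out[outlen]);
      break;
```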