From: cantor Date: Tue, 4 Aug 2009 15:38:42 +0000 (+0000) Subject: Linefeeds. X-Git-Tag: 1.4.1~224 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fxmltooling.git;a=commitdiff_plain;h=ecfc35c35d17d328658d193c883c6c5745c707f0 Linefeeds. git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/branches/REL_1@608 de75baf8-a10c-0410-a50a-987c0e22f00f --- diff --git a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp index 696aa97..e718cb8 100644 --- a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp +++ b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp @@ -255,28 +255,28 @@ bool AbstractPKIXTrustEngine::checkEntityNames( log.debug("unable to match subjectAltName, trying TLS CN match"); // Fetch the last CN RDN. - char* peer_CN = NULL; - int j,i = -1; - while ((j=X509_NAME_get_index_by_NID(subject, NID_commonName, i)) >= 0) - i = j; - if (i >= 0) { - ASN1_STRING* tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject, i)); - // Copied in from libcurl. - /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input - is already UTF-8 encoded. We check for this case and copy the raw - string manually to avoid the problem. */ - if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { - j = ASN1_STRING_length(tmp); - if(j >= 0) { - peer_CN = (char*)OPENSSL_malloc(j + 1); - memcpy(peer_CN, ASN1_STRING_data(tmp), j); - peer_CN[j] = '\0'; - } - } - else /* not a UTF8 name */ { - j = ASN1_STRING_to_UTF8(reinterpret_cast(&peer_CN), tmp); - } - + char* peer_CN = NULL; + int j,i = -1; + while ((j=X509_NAME_get_index_by_NID(subject, NID_commonName, i)) >= 0) + i = j; + if (i >= 0) { + ASN1_STRING* tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject, i)); + // Copied in from libcurl. + /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input + is already UTF-8 encoded. We check for this case and copy the raw + string manually to avoid the problem. */ + if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { + j = ASN1_STRING_length(tmp); + if(j >= 0) { + peer_CN = (char*)OPENSSL_malloc(j + 1); + memcpy(peer_CN, ASN1_STRING_data(tmp), j); + peer_CN[j] = '\0'; + } + } + else /* not a UTF8 name */ { + j = ASN1_STRING_to_UTF8(reinterpret_cast(&peer_CN), tmp); + } + for (set::const_iterator n=trustednames.begin(); n!=trustednames.end(); n++) { #ifdef HAVE_STRCASECMP if (n->length() == j && !strncasecmp(peer_CN, n->c_str(), j)) { @@ -284,17 +284,17 @@ bool AbstractPKIXTrustEngine::checkEntityNames( if (n->length() == j && !strnicmp(peer_CN, n->c_str(), j)) { #endif log.debug("matched subject CN to a key name (%s)", n->c_str()); - if(peer_CN) - OPENSSL_free(peer_CN); + if(peer_CN) + OPENSSL_free(peer_CN); return true; } } - if(peer_CN) - OPENSSL_free(peer_CN); + if(peer_CN) + OPENSSL_free(peer_CN); } else { log.warn("no common name in certificate subject"); - } + } } else { log.error("certificate has no subject?!"); diff --git a/xmltooling/util/CurlURLInputStream.h b/xmltooling/util/CurlURLInputStream.h index e397331..6dfd02d 100644 --- a/xmltooling/util/CurlURLInputStream.h +++ b/xmltooling/util/CurlURLInputStream.h @@ -98,8 +98,8 @@ namespace xmltooling { void init(const xercesc::DOMElement* e=NULL); bool readMore(int *runningHandles); - logging::Category& fLog; - std::string fURL; + logging::Category& fLog; + std::string fURL; CURLM* fMulti; CURL* fEasy;