#3899: mutt_ssl's interactive_check_cert() has several issues
-----------------------+----------------------
Reporter: kevin8t8 | Owner: mutt-dev
Type: defect | Status: closed
Priority: major | Milestone:
Component: crypto | Version:
Resolution: fixed | Keywords:
-----------------------+----------------------
Changes (by Kevin McCarthy <kevin@…>):
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"1a2dc7b21b5b93806f6e63447e5014f009e98a54"
6876:1a2dc7b21b5b]:
{{{
#!CommitTicketReference repository=""
revision="1a2dc7b21b5b93806f6e63447e5014f009e98a54"
Improve openssl interactive_check_cert. (closes #3899)
Don't use X509_NAME_oneline() with a fixed size buffer, which could
truncate the string, perhaps leaving off the CN field entirely.
Instead, work directly off the X509_NAME.
Rather than use strstr to tokenize it, call
X509_NAME_get_text_by_NID() with the nid types. Although
X509_NAME_get_text_by_NID() is "legacy", it is the most directly
useful for mutt in this simple interactive prompt.
The function was set up to include the ST and C fields in the prompt,
but the loop limit was too low. I believe this was an oversight, so
increase the loop to include those two fields.
}}}
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3899#comment:8>
Mutt <http://www.mutt.org/>
The Mutt mail user agent