Only fields known to OpenSSL have a NID. OBJ_txt2obj allows specifying a numeric OID.
Signed-off-by: Hristo Venev <hri...@venev.name>
---
src/openvpn/ssl_verify_openssl.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 87f71f21..114cf39c 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -191,16 +191,23 @@ extract_x509_field_ssl(X509_NAME *x509, const char
*field_name, char *out,
X509_NAME_ENTRY *x509ne = 0;
ASN1_STRING *asn1 = 0;
unsigned char *buf = NULL;
- int nid = OBJ_txt2nid(field_name);
+ ASN1_OBJECT *obj = OBJ_txt2obj(field_name, 0);
+
+ if (obj == NULL)
+ {
+ crypto_msg(M_FATAL, "Cannot get ASN1_OBJECT for %s", field_name);
+ }
ASSERT(size > 0);
*out = '\0';
do
{
lastpos = tmp;
- tmp = X509_NAME_get_index_by_NID(x509, nid, lastpos);
+ tmp = X509_NAME_get_index_by_OBJ(x509, obj, lastpos);
} while (tmp > -1);
+ ASN1_OBJECT_free(obj);
+
/* Nothing found */
if (lastpos == -1)
{
--
2.12.2
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
