| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-06-12 20:26:27 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-06-29 08:32:58 +0200 |
| commit | dce27129b74f906e0d1c086858f360228d5cbc83 (patch) | |
| tree | e9ccf1d96bd1059c54c1930271a957a13d9cf5ca /src/irmd/oap/auth.c | |
| parent | 977bcac2d56a8793ed93b4aac7016ef36b51a07f (diff) | |

irmd: Reject OAP peer crt with unusable CN

Added checks for CN > NAME_SIZE.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

Diffstat (limited to 'src/irmd/oap/auth.c')
| -rw-r--r-- | src/irmd/oap/auth.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/irmd/oap/auth.c b/src/irmd/oap/auth.c index ebe1949b..60bd5f97 100644 --- a/src/irmd/oap/auth.c +++ b/src/irmd/oap/auth.c @@ -266,9 +266,13 @@ int oap_auth_peer(char * name, goto fail_pin; } - if (crypt_get_crt_name(crt, name) < 0) { - log_warn_id(id, "Failed to extract name from certificate."); - name[0] = '\0'; + ret = crypt_get_crt_name(crt, name); + if (ret < 0) { + if (ret == -ENAME) + log_err_id(id, "Certificate CN too long."); + else + log_err_id(id, "No name in certificate."); + goto fail_pin; } if (pin != NULL) |
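
Review bot: The `else` branch of the new `if (ret < 0)` block logs "No name in certificate." for every negative return other than `-ENAME`, so any other failure of `crypt_get_crt_name()` would be reported as a missing name, whereas the removed message "Failed to extract name from certificate." covered all of them. Consider keeping the generic wording in the `else` branch or including `ret` in the log line. The hunk also replaces the old fallback (warn, set `name[0] = '\0'`, continue) with a hard failure through `goto fail_pin`, which goes further than the commit message's "Added checks for CN > NAME_SIZE"; the message should state that a certificate with no extractable name is now rejected as well, and it is worth confirming that `fail_pin` is the intended cleanup label for a failure that is unrelated to the pin.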
