authorDimitri Staessens <dimitri@ouroboros.rocks>2026-06-12 20:26:27 +0200
committerSander Vrijders <sander@ouroboros.rocks>2026-06-29 08:32:58 +0200
commitdce27129b74f906e0d1c086858f360228d5cbc83 (patch)
treee9ccf1d96bd1059c54c1930271a957a13d9cf5ca /src/irmd/oap/auth.c
parent977bcac2d56a8793ed93b4aac7016ef36b51a07f (diff)
irmd: Reject OAP peer crt with unusable CN
Added checks for CN > NAME_SIZE. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/oap/auth.c')
-rw-r--r--src/irmd/oap/auth.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/irmd/oap/auth.c b/src/irmd/oap/auth.c
index ebe1949b..60bd5f97 100644
--- a/src/irmd/oap/auth.c
+++ b/src/irmd/oap/auth.c
@@ -266,9 +266,13 @@ int oap_auth_peer(char * name,
goto fail_pin;
}
- if (crypt_get_crt_name(crt, name) < 0) {
- log_warn_id(id, "Failed to extract name from certificate.");
- name[0] = '\0';
+ ret = crypt_get_crt_name(crt, name);
+ if (ret < 0) {
+ if (ret == -ENAME)
+ log_err_id(id, "Certificate CN too long.");
+ else
+ log_err_id(id, "No name in certificate.");
+ goto fail_pin;
}
if (pin != NULL)
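Review bot: The new failure branch jumps to `fail_pin` without resetting `name`, whereas the removed code wrote `name[0] = '\0'` on this path. If `crypt_get_crt_name` can write part of the CN into the caller's buffer before it returns `-ENAME` (its body is not visible here), a caller that reads `name` after a failed `oap_auth_peer` would see an unauthenticated and possibly unterminated string. Adding `name[0] = '\0';` just before `goto fail_pin;` keeps the output buffer defined on the reject path. The rest of `oap_auth_peer`, including what `fail_pin` returns, lies outside this hunk, so it is worth confirming that the error code reaching the caller is the intended one now that `ret` holds the result of this call.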