From dce27129b74f906e0d1c086858f360228d5cbc83 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Fri, 12 Jun 2026 20:26:27 +0200 Subject: irmd: Reject OAP peer crt with unusable CN Added checks for CN > NAME_SIZE. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/irmd/oap/auth.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/irmd/oap/auth.h') diff --git a/src/irmd/oap/auth.h b/src/irmd/oap/auth.h index be8d2cae..4a350120 100644 --- a/src/irmd/oap/auth.h +++ b/src/irmd/oap/auth.h @@ -29,7 +29,7 @@ int oap_check_hdr(const struct oap_hdr * hdr); -/* name is updated with the peer's certificate name if available */ +/* name is set to the peer crt CN, "" if no crt was presented */ int oap_auth_peer(char * name, const struct sec_config * cfg, const struct oap_hdr * local_hdr, -- cgit v1.2.3