GnuTLS: fix server assertion failure in client certificate verification

(cherry picked from commit 72c07065860ad8e70674714532da05e373acdc88) Plus an extra security check.

GnuTLS: fix server assertion failure in client certificate verification
(cherry picked from commit 72c07065860ad8e70674714532da05e373acdc88) Plus an extra security check.
f8eedf5e · Rémi Denis-Courmont · 9dd4633a · f8eedf5e
Commit f8eedf5e authored Jul 23, 2011 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

modules/misc/gnutls.c modules/misc/gnutls.c +3 -3

No files found.
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -356,8 +356,8 @@ gnutls_HandshakeAndValidate( tls_session_t *session )
        goto error;
    }
-    assert( p_sys->psz_hostname != NULL );
+    if( p_sys->psz_hostname != NULL
-    if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
+     && !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
    {
        msg_Err( session, "Certificate does not match \"%s\"",
                 p_sys->psz_hostname );
@@ -731,7 +731,7 @@ static int OpenClient (vlc_object_t *obj)
    char *servername = var_GetNonEmptyString (p_session, "tls-server-name");
    if (servername == NULL )
-        msg_Err (p_session, "server name missing for TLS session");
+        abort ();
    else
        gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS,
                                servername, strlen (servername));