oss
/
openadk


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475
							--- stunnel-5.31.orig/src/verify.c	2016-02-19 20:18:43.000000000 +0100
+++ stunnel-5.31/src/verify.c	2016-03-13 13:30:11.000000000 +0100
@@ -51,9 +51,6 @@ NOEXPORT int add_dir_lookup(X509_STORE *
 NOEXPORT int verify_callback(int, X509_STORE_CTX *);
 NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
 NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
-NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
 NOEXPORT int cert_check_local(X509_STORE_CTX *);
 NOEXPORT int compare_pubkeys(X509 *, X509 *);
 #ifndef OPENSSL_NO_OCSP
@@ -274,10 +271,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
     }
 
     if(depth==0) { /* additional peer certificate checks */
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
-        if(!cert_check_subject(c, callback_ctx))
-            return 0; /* reject */
-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
         if(c->opt->verify_level>=3 && !cert_check_local(callback_ctx))
             return 0; /* reject */
     }
@@ -285,51 +278,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
     return 1; /* accept */
 }
 
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
-NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
-    X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
-    NAME_LIST *ptr;
-    char *peername=NULL;
-
-    if(c->opt->check_host) {
-        for(ptr=c->opt->check_host; ptr; ptr=ptr->next)
-            if(X509_check_host(cert, ptr->name, 0, 0, &peername)>0)
-                break;
-        if(!ptr) {
-            s_log(LOG_WARNING, "CERT: No matching host name found");
-            return 0; /* reject */
-        }
-        s_log(LOG_INFO, "CERT: Host name \"%s\" matched with \"%s\"",
-            ptr->name, peername);
-        OPENSSL_free(peername);
-    }
-
-    if(c->opt->check_email) {
-        for(ptr=c->opt->check_email; ptr; ptr=ptr->next)
-            if(X509_check_email(cert, ptr->name, 0, 0)>0)
-                break;
-        if(!ptr) {
-            s_log(LOG_WARNING, "CERT: No matching email address found");
-            return 0; /* reject */
-        }
-        s_log(LOG_INFO, "CERT: Email address \"%s\" matched", ptr->name);
-    }
-
-    if(c->opt->check_ip) {
-        for(ptr=c->opt->check_ip; ptr; ptr=ptr->next)
-            if(X509_check_ip_asc(cert, ptr->name, 0)>0)
-                break;
-        if(!ptr) {
-            s_log(LOG_WARNING, "CERT: No matching IP address found");
-            return 0; /* reject */
-        }
-        s_log(LOG_INFO, "CERT: IP address \"%s\" matched", ptr->name);
-    }
-
-    return 1; /* accept */
-}
-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-
 NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
     X509 *cert;
     X509_NAME *subject;