Fix TLS verification when DNS lookup comes back with CNAMEs.

author: Sam Varshavchik 2017-03-15 22:34:31 -0400
committer: Sam Varshavchik 2017-03-15 22:34:31 -0400
commit: 5e522ab14f45c6f4f43c43e32a2f72fbf6354f1c (patch)
tree: f8bcbf56caa4c6ae65ce16c93309c1a8f65271b7 /tcpd
parent: a448501abc675a55364eff75acce901e4685331e (diff)
download: courier-libs-5e522ab14f45c6f4f43c43e32a2f72fbf6354f1c.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c
index 367cbba..321b812 100644
--- a/tcpd/libcouriertls.c
+++ b/tcpd/libcouriertls.c
@@ -778,6 +778,7 @@ SSL_CTX *tls_create_int(int isserver, const struct tls_info *info,
 				closedir(dirp);
                 }
 	}
+
 	SSL_CTX_set_verify(ctx, get_peer_verify_level(info),
 			   ssl_verify_callback);
 
@@ -1487,7 +1488,7 @@ void tls_dump_connection_info(ssl_handle ssl,
 
 		for (i=0; peer_cert_chain && i<sk_X509_num(peer_cert_chain);
 		     i++)
-			dump_x509((X509 *)sk_X509_value(peer_cert_chain,0),
+			dump_x509((X509 *)sk_X509_value(peer_cert_chain, i),
 				  dump_func, dump_arg);
 	}
author	Sam Varshavchik	2017-03-15 22:34:31 -0400
committer	Sam Varshavchik	2017-03-15 22:34:31 -0400
commit	5e522ab14f45c6f4f43c43e32a2f72fbf6354f1c (patch)
tree	f8bcbf56caa4c6ae65ce16c93309c1a8f65271b7 /tcpd
parent	a448501abc675a55364eff75acce901e4685331e (diff)
download	courier-libs-5e522ab14f45c6f4f43c43e32a2f72fbf6354f1c.tar.bz2