mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
openbsd-src/regress
beck f23ec8ef09 Refactor tls_check_common_name to use lower level API.
X509_NAME_get_text_by_NID is kind of a bad interface that
we wish to make safer, and does not give us the visibility
we really want here to detect hostile things.

Instead call the lower level functions to do some better
checking that should be done by X509_NAME_get_text_by_NID,
but is not in the OpenSSL version. Specifically we will treat
the input as hostile and fail if:

1) The certificate contains more than one CN in the subject.
2) The CN does not decode as UTF-8
3) The CN is of invalid length (must be between 1 and 64 bytes)
4) The CN contains a 0 byte

4) matches the existing logic; 1, 2, and 3 are new checks.

ok tb@
2023-05-28 09:02:01 +00:00
bin Cope with recent changes to alignment of command column. 2023-03-09 06:22:40 +00:00
etc Bring this regress into nicer shape. Add all recent architectures. 2021-09-27 18:27:14 +00:00
gnu Add subdir gnu/lib to regress. 2022-03-23 22:34:51 +00:00
include
lib Refactor tls_check_common_name to use lower level API. 2023-05-28 09:02:01 +00:00
libexec Treat symlinks better in $ORIGIN determination in ld.so 2023-04-09 23:41:47 +00:00
misc Print skipped on non applicable architectures. 2022-12-08 12:14:11 +00:00
sbin remove duplicate includes 2023-04-19 12:58:15 +00:00
sys Skip tests if p5-BSD-Socket-Splice is not installed. 2023-05-24 20:31:49 +00:00
usr.bin Add a slow regress target that runs openssl speed with proper alignment 2023-05-20 12:07:21 +00:00
usr.sbin Bye, bye, horrible reacharounds into libcrypto 2023-05-22 15:20:16 +00:00
Makefile Remove all references to "make depend" from regress. 2017-07-07 23:55:21 +00:00