Skip to content

Commit

Permalink
Properly NULL terminate EKU strings on Windows
Browse files Browse the repository at this point in the history 
Additionally, ensure we only pass thin string pointers, not fat ones
  • Loading branch information
@complexspaces @ctz
complexspaces authored and ctz committed Aug 23, 2024
1 parent 09ae65c commit 12adeb0
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion rustls-platform-verifier/src/verification/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,14 +74,17 @@ fn invalid_certificate(reason: impl Into<String>) -> rustls::Error {
)))
}

#[cfg(any(windows, target_os = "android"))]
/// List of EKUs that one or more of that *must* be in the end-entity certificate.
///
/// Legacy server-gated crypto OIDs are assumed to no longer be in use.
///
/// Currently supported:
/// - id-kp-serverAuth
// TODO: Chromium also allows for `OID_ANY_EKU` on Android.
#[cfg(target_os = "windows")]
const ALLOWED_EKUS: &[*mut u8] = &["1.3.6.1.5.5.7.3.1\0".as_ptr() as *mut u8];

#[cfg(target_os = "android")]
pub const ALLOWED_EKUS: &[&str] = &["1.3.6.1.5.5.7.3.1"];

impl Verifier {
Expand Down

0 comments on commit 12adeb0

Please sign in to comment.