diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 4a4355c1..ae9437b2 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -5441,7 +5441,19 @@ union lws_tls_cert_info_results {
 unsigned int usage;
 struct {
 int len;
- char name[64]; /* KEEP LAST... name[] not allowed in union */
+ /* KEEP LAST... notice the [64] is only there because
+ * name[] is not allowed in a union. The actual length of
+ * name[] is arbitrary and is passed into the api using the
+ * len parameter. Eg
+ *
+ * char big[1024];
+ * union lws_tls_cert_info_results *buf =
+ * (union lws_tls_cert_info_results *)big;
+ *
+ * lws_tls_peer_cert_info(wsi, type, buf,
+ * sizeof(big) - sizeof(*buf) + 64);
+ */
+ char name[64];
 } ns;
 };
diff --git a/lib/tls/openssl/ssl.c b/lib/tls/openssl/ssl.c
index 8e9f0ef4..d120fe10 100644
--- a/lib/tls/openssl/ssl.c
+++ b/lib/tls/openssl/ssl.c
@@ -552,10 +552,10 @@ lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type,
 xn = X509_get_subject_name(x509);
 if (!xn)
 return -1;
- X509_NAME_oneline(xn, buf->ns.name, (int)len - 1);
+ X509_NAME_oneline(xn, buf->ns.name, (int)len - 2);
 p = strstr(buf->ns.name, "/CN=");
 if (p)
- strcpy(buf->ns.name, p + 4);
+ memmove(buf->ns.name, p + 4, strlen(p + 4) + 1);
 buf->ns.len = (int)strlen(buf->ns.name);
 return 0;
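Review bot: The usage example in the new comment casts a plain `char big[1024]` to `union lws_tls_cert_info_results *`, which gives the buffer no alignment guarantee for a union holding `int` and `unsigned int` members, so callers who copy it can end up with a misaligned access. I would show an aligned buffer instead, e.g. `_Alignas(union lws_tls_cert_info_results) char big[1024];` or a wrapper union, and compute the length as `sizeof(big) - offsetof(union lws_tls_cert_info_results, ns.name)` so it does not depend on the union's padding. The comment could also say whether `len` counts the terminating NUL. The union's definition starts above the hunk, so its other members are not visible here.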
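Review bot: The common name is still recovered by searching the `X509_NAME_oneline()` text for `/CN=`, which is ambiguous because that output does not escape `/` inside attribute values: a subject whose other field contains the text `/CN=` can be reported as the CN, and any RDN printed after the real CN stays in the result. Reading the entry directly avoids the string parsing, e.g. `n = X509_NAME_get_text_by_NID(xn, NID_commonName, buf->ns.name, (int)len); if (n < 0) return -1;`. Separately, `(int)len - 2` is zero or negative when `len` is below 3 and the return value of `X509_NAME_oneline()` is not checked, so unless `len` is validated above the hunk, `strstr()` can run on a buffer the call never terminated. The function body starts and ends outside the hunk.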