[crypto] Allow for X.509 certificates with no common name

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-01-11 16:08:34 +03:00 · 2012-05-08 10:36:09 +01:00
parent 6ba7fb7c5c
commit 0ad8b601dd
3 changed files with 7 additions and 5 deletions
--- a/src/crypto/cms.c
+++ b/src/crypto/cms.c
@@ -745,7 +745,8 @@ int cms_verify ( struct cms_signature *sig, userptr_t data, size_t len,
 	/* Verify using all signerInfos */
 	list_for_each_entry ( info, &sig->info, list ) {
 		cert = x509_first ( info->chain );
-		if ( name && ( strcmp ( name, cert->subject.name ) != 0 ) )
+		if ( name && ( ( cert->subject.name == NULL ) ||
+			       ( strcmp ( cert->subject.name, name ) != 0 ) ) )
 			continue;
 		if ( ( rc = cms_verify_signer_info ( sig, info, data, len,
 						     time, root ) ) != 0 )