On Fri, Jul 25, 2014 at 6:34 PM, Magnus Hagander <magnus@hagander.net> wrote:
> I just took a very quick look at the code, and just noticed one thing:
> Why keep looping once you've found a match? When you set result=true you should break; from the loop I think. Not necessarily for performance, but there might be something about a different extension we can't parse for example, no need to fail in that case.

The for loop header is for (i = 0; i < alt_names_total && !result; i++), so the loop
should terminate right when the result becomes true, which happens if the pg_strcasecmp
finds a match between the given dNSName and the name supplied by the client.

> Please add it to the next CF - this was just a very quick review, and it needs a proper one along with openssl version testing :)