From f6460f871e382edd62c3a8c6948158e7a9ecaf64 Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen <ossi@kde.org>
Date: Fri, 15 Feb 2013 12:59:53 -0800
Subject: [PATCH v3 3/3] imap-send: support subjectAltName as well
Check not only the common name of the certificate subject but also the
subject alternative DNS names when verifying that the certificate matches
the host we are trying to talk to.
Signed-off-by: Oswald Buddenhagen <ossi@kde.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
imap-send.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
--- git-1.6.4.2/imap-send.c.orig 2013-02-26 12:32:02.903269658 +0100
+++ git-1.6.4.2/imap-send.c 2013-02-26 12:35:13.873658651 +0100
@@ -26,6 +26,10 @@
#include "exec_cmd.h"
#ifdef NO_OPENSSL
typedef void *SSL;
+#else
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/x509v3.h>
#endif
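Review bot: Nothing in this patch references the EVP or HMAC APIs, so the new `#include <openssl/evp.h>` and `#include <openssl/hmac.h>` look like dead includes in this backport; only `<openssl/x509v3.h>` is needed for `X509_get_ext_d2i`, `GENERAL_NAME`, `NID_subject_alt_name` and `GEN_DNS`. Upstream these two headers arrived with the CRAM-MD5 authentication change, so if that change is not also carried in the 1.6.4.2 package they can be dropped; if it is, a one-line comment such as `/* evp.h/hmac.h: CRAM-MD5 auth */` would save the next reader the same question.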
struct store_conf {
@@ -291,6 +295,24 @@
int len;
X509_NAME *subj;
char cname[1000];
+ int i, found;
+ STACK_OF(GENERAL_NAME) *subj_alt_names;
+
+ /* try the DNS subjectAltNames */
+ found = 0;
+ if ((subj_alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL))) {
+ int num_subj_alt_names = sk_GENERAL_NAME_num(subj_alt_names);
+ for (i = 0; !found && i < num_subj_alt_names; i++) {
+ GENERAL_NAME *subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i);
+ if (subj_alt_name->type == GEN_DNS &&
+ strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length &&
+ host_matches(hostname, (const char *)(subj_alt_name->d.ia5->data)))
+ found = 1;
+ }
+ sk_GENERAL_NAME_pop_free(subj_alt_names, GENERAL_NAME_free);
+ }
+ if (found)
+ return 0;
/* try the common name */
if (!(subj = X509_get_subject_name(cert)))
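Review bot: When the certificate carries dNSName subjectAltName entries but none of them matches, the code still falls through to the common-name check after `if (found) return 0;`, whereas RFC 6125 §6.4.4 says the CN must not be consulted once a DNS-ID is present; the same lenient fallback also applies when `X509_get_ext_d2i` returns NULL because the extension is malformed rather than absent. The embedded-NUL guard via the `strlen(...) == length` comparison is the right defence and should stay. A small fix is to record whether any `GEN_DNS` entry was seen and, if so, report a mismatch instead of trying the CN; the failure path of verify_hostname is outside this hunk, so the new early return should use whatever the CN mismatch path returns. This is a lenient fallback rather than a crash, so it only matters against a CA that validates SANs more strictly than the CN, but it is cheap to close.
```c
	int i, found, saw_dns;
	/* … unchanged: subj_alt_names declaration, X509_get_ext_d2i call … */
	found = saw_dns = 0;
			/* … inside the for loop over subj_alt_names … */
			if (subj_alt_name->type != GEN_DNS)
				continue;
			saw_dns = 1;
			/* embedded-NUL guard before matching, as before */
			if (strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length &&
			    host_matches(hostname, (const char *)(subj_alt_name->d.ia5->data)))
				found = 1;
	/* … unchanged: sk_GENERAL_NAME_pop_free … */
	if (found)
		return 0;
	/* RFC 6125 6.4.4: a dNSName SAN was present, so the CN is not consulted */
	if (saw_dns)
		return -1; /* use the same failure return as the CN mismatch path below */
```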
--- git-1.6.4.2/imap-send.c.orig 2013-02-26 13:46:38.444789808 +0100
+++ git-1.6.4.2/imap-send.c 2013-02-26 13:46:58.330897664 +0100
@@ -142,6 +142,18 @@
int use_html;
};
+static struct imap_server_conf server = {
+ NULL, /* name */
+ NULL, /* tunnel */
+ NULL, /* host */
+ 0, /* port */
+ NULL, /* user */
+ NULL, /* pass */
+ 0, /* use_ssl */
+ 1, /* ssl_verify */
+ 0, /* use_html */
+};
+
struct imap_store_conf {
struct store_conf gen;
struct imap_server_conf *server;
@@ -1490,18 +1502,6 @@
return 1;
}
-static struct imap_server_conf server = {
- NULL, /* name */
- NULL, /* tunnel */
- NULL, /* host */
- 0, /* port */
- NULL, /* user */
- NULL, /* pass */
- 0, /* use_ssl */
- 1, /* ssl_verify */
- 0, /* use_html */
-};
-
static char *imap_folder;
static int git_imap_config(const char *key, const char *val, void *cb)