From 31c0abd610a91df77234e916e7417e50c60616cb Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Wed, 23 Oct 2019 12:20:35 +0200
Subject: [PATCH] wolfSSL_X509_NAME_print_ex should not put the null terminator in the BIO
---
 configure.ac | 8 ++++----
 src/ssl.c | 11 ++++++++---
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/configure.ac b/configure.ac
index 86b6e08c7..c0d84e739 100644
--- a/configure.ac
+++ b/configure.ac
@@ -538,6 +538,10 @@ then
 ENABLED_OPENSSLALL="yes"
 fi
+if test "$ENABLED_NGINX" = "yes"
+then
+ ENABLED_OPENSSLALL="yes"
+fi
 if test "$ENABLED_OPENSSLALL" = "yes"
 then
 AM_CFLAGS="-DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE $AM_CFLAGS"
@@ -553,10 +557,6 @@ if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$EN
 then
 ENABLED_OPENSSLEXTRA="yes"
 fi
-if test "$ENABLED_NGINX" = "yes"
-then
- ENABLED_OPENSSLALL="yes"
-fi
 if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
 then
 AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
diff --git a/src/ssl.c b/src/ssl.c
index 814872906..193ae1d63 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -39497,6 +39497,9 @@ static int get_dn_attr_by_nid(int n, const char** buf)
 }
 #endif
+/*
+ * The BIO output of wolfSSL_X509_NAME_print_ex does NOT include the null terminator
+ */
 int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
 int indent, unsigned long flags)
 {
@@ -39519,7 +39522,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
 /* If XN_FLAG_DN_REV is present, print X509_NAME in reverse order */
 if (flags == (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)) {
-#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
+#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
 fullName[0] = '\0';
 count = wolfSSL_X509_NAME_entry_count(name);
 for (i = 0; i < count; i++) {
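Review bot: The comment added above wolfSSL_X509_NAME_print_ex (hunk at -39497) says the BIO output is unterminated, but not what a caller has to do about it or what the function returns. Any caller that copies the BIO contents into a buffer and then treats it as a C string must now append the terminator itself, or it will read past the written data. I would extend the comment along the lines of `* Callers that copy the BIO contents into a C string must append '\0' themselves.` and `* Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on a short or failed write.`. The function body continues beyond this hunk.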
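Review bot: In the hunk at -39519, when none of WOLFSSL_APACHE_HTTPD, OPENSSL_ALL or WOLFSSL_NGINX is defined, the `flags == (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)` branch compiles to an empty body. Judging by the final `return WOLFSSL_SUCCESS;` in the last hunk, the function then reports success without writing anything to the BIO. Widening the guard does not change that for other builds; an `#else` arm with `return WOLFSSL_FAILURE;` before the matching `#endif` would make the unsupported case visible to callers. The guarded body runs from this hunk into the last one, so the middle of it is not shown here.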
@@ -39551,17 +39554,19 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
 }
 totalSz += tmpSz;
 }
+ if (fullName[totalSz-1] == '\0')
+ totalSz--;
 if (wolfSSL_BIO_write(bio, fullName, totalSz) != totalSz)
 return WOLFSSL_FAILURE;
 return WOLFSSL_SUCCESS;
-#endif /* WOLFSSL_APACHE_HTTPD || OPENSSL_ALL */
+#endif /* WOLFSSL_APACHE_HTTPD || OPENSSL_ALL || WOLFSSL_NGINX */
 }
 else if (flags == XN_FLAG_RFC2253) {
 if (wolfSSL_BIO_write(bio, name->name + 1, name->sz - 2) != name->sz - 2)
 return WOLFSSL_FAILURE;
 }
- else if (wolfSSL_BIO_write(bio, name->name, name->sz) != name->sz)
+ else if (wolfSSL_BIO_write(bio, name->name, name->sz - 1) != name->sz - 1)
 return WOLFSSL_FAILURE;
 return WOLFSSL_SUCCESS;
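Review bot: The added `fullName[totalSz-1]` is read before anything establishes that totalSz is positive. If the name has no entries the loop never runs and, assuming totalSz starts at 0 (its initialisation is outside the hunk), this reads one byte before the buffer; `if (totalSz > 0 && fullName[totalSz-1] == '\0')` closes that. The changed last branch has the same shape: for an empty name `name->sz - 1` goes negative (or wraps, depending on the type of sz) and is passed to wolfSSL_BIO_write as the length, so a `name->sz > 0` check belongs in front of it. The function starts before this hunk and its closing brace is after it.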