From 59c13aea84496d3a68f3c280d8ff8f3b80651949 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Sun, 1 May 2016 18:14:33 -0700
Subject: [PATCH] Still check UTF validity in dnsname

---
 openssl/src/x509/mod.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 6d38047a..0a242a15 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -882,7 +882,10 @@ impl<'a> GeneralName<'a> {
             let len = ffi::ASN1_STRING_length((*self.name).d as *mut _);
 
             let slice = slice::from_raw_parts(ptr as *const u8, len as usize);
-            Some(str::from_utf8_unchecked(slice))
+            // dNSNames are stated to be ASCII (specifically IA5). Hopefully
+            // OpenSSL checks that when loading a certificate but if not we'll
+            // use this instead of from_utf8_unchecked just in case.
+            str::from_utf8(slice).ok()
         }
     }