diff --git a/library/x509_crt.c b/library/x509_crt.c
index 025f3e0e1..436812d6d 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -341,20 +341,15 @@ static int x509_get_subject_alt_name( unsigned char **p,
 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+ /* Skip everything but DNS name */
 if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
 {
 *p += tag_len;
 continue;
 }
- buf = &(cur->buf);
- buf->tag = tag;
- buf->p = *p;
- buf->len = tag_len;
- *p += buf->len;
- /* Allocate and assign next pointer */
- if (*p < end)
+ if( cur->buf.p != NULL )
 {
 cur->next = (asn1_sequence *) polarssl_malloc( sizeof( asn1_sequence ) );
@@ -366,6 +361,12 @@ static int x509_get_subject_alt_name( unsigned char **p,
 memset( cur->next, 0, sizeof( asn1_sequence ) );
 cur = cur->next;
 }
+
+ buf = &(cur->buf);
+ buf->tag = tag;
+ buf->p = *p;
+ buf->len = tag_len;
+ *p += buf->len;
 }
 /* Set final sequence entry's next pointer to NULL */
@@ -1099,6 +1100,38 @@ static int compat_snprintf(char *str, size_t size, const char *format, ...)
 p += (unsigned int) ret; \
 }
+static int x509_info_subject_alt_name( char **buf, size_t *size,
+ const x509_sequence *subject_alt_name )
+{
+ size_t i;
+ size_t n = *size;
+ char *p = *buf;
+ const x509_sequence *cur = subject_alt_name;
+
+ while( cur != NULL )
+ {
+ if( cur->buf.len + 1 >= n )
+ {
+ *p = '\0';
+ return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
+ }
+
+ n -= cur->buf.len + 1;
+ *p++ = ' ';
+ for( i = 0; i < cur->buf.len; i++ )
+ *p++ = cur->buf.p[i];
+
+ cur = cur->next;
+ }
+
+ *p = '\0';
+
+ *size = n;
+ *buf = p;
+
+ return( 0 );
+}
+
 static int x509_info_cert_type( char **buf, size_t *size, unsigned char ns_cert_type )
 {
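Review bot: The new `if( cur->buf.p != NULL )` test makes a NULL `buf.p` the marker for an unused node, and nothing in the function says so. Two consequences follow that a maintainer should be able to read in a comment: the list head has to be zeroed before the call, and a SubjectAltName extension with no dNSName entry leaves the head empty, so every consumer of the list has to cope with `buf.p == NULL` and `buf.len == 0` on the first node. I would put `/* A node with buf.p == NULL is unused; allocate a new one only once the current node holds a name */` above the test. The assignment this pairs with is moved below the allocation in the following hunk (`@@ -366,6 +361,12 @@`), and the function body starts and ends outside both hunks.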
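Review bot: `x509_info_subject_alt_name` copies the dNSName bytes to the output unchanged (`*p++ = cur->buf.p[i];`), and those bytes come from the certificate being described. An embedded NUL cuts the printed string short while `*buf` keeps advancing, so every field appended afterwards is hidden from the reader; a space or newline inside a name cannot be told apart from the separator, so one entry can read as several names or as a fresh line in a log. Replacing non-printable bytes and the separator closes that, for example `*p++ = ( cur->buf.p[i] <= 32 || cur->buf.p[i] >= 127 ) ? '?' : (char) cur->buf.p[i];`. The function also has no header comment; one line stating that `*buf` and `*size` are advanced only on success would help callers.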
@@ -1244,9 +1277,12 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
 if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
 {
- ret = snprintf( p, n, "\n%ssubject alt name : ", prefix );
+ ret = snprintf( p, n, "\n%ssubject alt name :", prefix );
 SAFE_SNPRINTF();
- /* TODO */
+
+ if( ( ret = x509_info_subject_alt_name( &p, &n,
+ &crt->subject_alt_names ) ) != 0 )
+ return( ret );
 }
 if( crt->ext_types & EXT_NS_CERT_TYPE )
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 083e8d1b0..387c4a26b 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
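Review bot: The call hands `n` straight from `SAFE_SNPRINTF()` to `x509_info_subject_alt_name`, which stores a terminator through `p` on both of its exit paths (`*p = '\0';`) without first checking that any room is left. The macro body is not visible in this diff, so whether `n` can be 0 at this point needs confirming; if it can, that store lands one byte past the caller's buffer. A guard at the top of the helper, `if( n == 0 ) return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );`, makes it safe whatever the macro permits. Inside the loop the existing `cur->buf.len + 1 >= n` test already keeps one byte back for the terminator.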
@@ -66,6 +66,10 @@ X509 Certificate information, NS Cert Type
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
 x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n"
+X509 Certificate information, NS Cert Type
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com example.net *.example.org\n"
+
 X509 Certificate information RSA signed by EC
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
 x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
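Review bot: The added case reuses the title `X509 Certificate information, NS Cert Type` from the case directly above it, although what it checks is the `subject alt name` line of `cert_example_multi.crt`. Two cases with one name make a failure report ambiguous; a title such as `X509 Certificate information, Subject Alt Name` would say what is covered. The expected string pins only well-formed names, so a second case whose SubjectAltName carries no dNSName entry would be worth adding next to it to fix the behaviour of the empty list.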
@@ -76,7 +80,7 @@ x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number
 X509 certificate v1 with extension
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
-x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org www.identity-check.org\n"
 X509 CRL information #1
 depends_on:POLARSSL_PEM_PARSE_C
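Review bot: The new expectation for `cert_v1_with_ext.crt` drops `basic constraints \: CA=false\n` as well as adding the `subject alt name` line, and none of the `library/x509_crt.c` hunks in this diff touches how basic constraints are printed. If that line disappeared because of an earlier change, the commit message should say so; otherwise it is worth confirming that the case passes for the intended reason and that the parser still reports this certificate's extensions as before.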