Add raw buffer holding SubjectAlternativeName ext to CRT structure

This is analogous to a previous commit for the `ExtendedKeyUsage`
extension: We aim at not using dynamically allocated linked lists
to represent the components of the `SubjectAlternativeName` extension,
but to traverse the raw ASN.1 data when needed.

This commit adds a field to `mbedtls_x509_crt` containing the raw
ASN.1 buffer bounds of the `SubjectAlternativeName` extension.
Hanno Becker 2019-02-21 14:34:46 +00:00
parent e1956af057
commit ded167e18c
2 changed files with 3 additions and 0 deletions


@ -80,6 +80,7 @@ typedef struct mbedtls_x509_crt
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */ mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */
mbedtls_x509_buf_raw subject_alt_raw; /**< Raw data for SubjectAlternativeNames extension. */
int ext_types; /**< Bit string containing detected and parsed extensions */ int ext_types; /**< Bit string containing detected and parsed extensions */
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
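Review bot: The doc comment on `subject_alt_raw` does not say who owns the bytes it describes. Judging from the parser section of this commit, the field holds a pointer into the certificate's own DER buffer rather than a copy, so it is only usable while that buffer is alive; callers that traverse it directly need to know this. I would write the comment as `/**< Bounds of the raw SubjectAlternativeName extension data inside the certificate buffer; not a separate allocation, empty if the extension is absent. */`, where "empty if absent" assumes the structure is zero-initialised, which this section does not show. The struct definition starts and ends outside the hunk.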


@ -706,6 +706,8 @@ static int x509_get_crt_ext( unsigned char **p,
case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
/* Parse subject alt name */ /* Parse subject alt name */
crt->subject_alt_raw.p = *p;
crt->subject_alt_raw.len = end_ext_octet - *p;
if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
&crt->subject_alt_names ) ) != 0 ) &crt->subject_alt_names ) ) != 0 )
return( ret ); return( ret );
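Review bot: `crt->subject_alt_raw` is filled in before `x509_get_subject_alt_name()` has accepted the extension, so on the `return( ret )` path the field still describes bytes that failed parsing. That is harmless only if every caller discards the certificate on error, which is not visible here. Since the stated goal is to traverse this raw data later instead of the list, the invariant should be written down at the assignment, e.g. `/* Bounds within the CRT buffer; contents are validated by x509_get_subject_alt_name() below and must stay validated at parse time if the list is removed. */`. The length is computed as `end_ext_octet - *p` and stored in `len`, which relies on an earlier bounds check that lies outside this hunk. `x509_get_crt_ext` continues beyond the hunk on both sides.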