Skip to content
Permalink
Browse files

Add iPaddress support for subjectAltName

subjectaltname only understood DNS entries.  Amend it to support IPv4 iPAddress.
  • Loading branch information
Jarrod Johnson
Jarrod Johnson committed Mar 19, 2014
1 parent fea8166 commit e4a9069fe792f702d24bf725586fb209f8faf541
Showing with 18 additions and 1 deletion.
  1. +18 −1 src/crypto/x509.c
@@ -20,6 +20,7 @@
FILE_LICENCE ( GPL2_OR_LATER );

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
@@ -533,6 +534,7 @@ static int x509_parse_subject_alt_name ( struct x509_certificate *cert,
struct asn1_cursor cursor;
struct asn1_cursor string_cursor;
int rc;
unsigned int type;

INIT_LIST_HEAD ( &subject_alt_name->names );

@@ -548,7 +550,9 @@ static int x509_parse_subject_alt_name ( struct x509_certificate *cert,
/* Mark extension as present */
subject_alt_name->present = 1;
memcpy ( &string_cursor, &cursor, sizeof ( string_cursor ) );
if ( ( rc = asn1_enter ( &string_cursor, ASN1_IMPLICIT_TAG ( 2 ) ) ) == 0 ) {
type = asn1_type( &string_cursor );
rc = asn1_enter_any ( &string_cursor );
if ( type == 0x82) {
char* name = zalloc ( string_cursor.len + 1 );
memcpy ( name, string_cursor.data, string_cursor.len );
if ( strlen ( name ) != string_cursor.len ) {
@@ -560,6 +564,19 @@ static int x509_parse_subject_alt_name ( struct x509_certificate *cert,
struct x509_san_link* link = zalloc ( sizeof ( struct x509_san_link ) );
link->name = name;
list_add ( &link->list, &subject_alt_name->names );
} else if ( type == 0x87 ) {
if ( string_cursor.len == 4 ) { // TODO: IPv6
char* name = zalloc ( 16 ); // max ipv4 string length
snprintf( name, 16, "%d.%d.%d.%d",
((unsigned char*)string_cursor.data)[0],
((unsigned char*)string_cursor.data)[1],
((unsigned char*)string_cursor.data)[2],
((unsigned char*)string_cursor.data)[3] );
//DBGC ( cert, "X509 %p subjectAltName %s\n", cert, name );
struct x509_san_link* link = zalloc ( sizeof ( struct x509_san_link ) );
link->name = name;
list_add ( &link->list, &subject_alt_name->names );
}
}
asn1_skip_any ( &cursor );
}

0 comments on commit e4a9069

Please sign in to comment.
You can’t perform that action at this time.