RFC 8398: EAI comparison

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#9654)
swenkeratmicrosoft · Sep 1, 2020 · 52a2124 · 52a2124
1 parent 7baa735
commit 52a2124
Showing 1 changed file with 16 additions and 2 deletions.
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
@@ -878,8 +878,22 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
             ASN1_STRING *cstr;
 
             gen = sk_GENERAL_NAME_value(gens, i);
-            if (gen->type != check_type)
-                continue;
+            if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) {
+                if (OBJ_obj2nid(gen->d.otherName->type_id) ==
+                    NID_id_on_SmtpUTF8Mailbox) {
+                    san_present = 1;
+                    cstr = gen->d.otherName->value->value.utf8string;
+
+                    /* Positive on success, negative on error! */
+                    if ((rv = do_check_string(cstr, 0, equal, flags,
+                                              chk, chklen, peername)) != 0)
+                        break;
+                } else
+                    continue;
+            } else {
+                if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME))
+                    continue;
+            }
             san_present = 1;
             if (check_type == GEN_EMAIL)
                 cstr = gen->d.rfc822Name;