Merge pull request #7530 from AndrzejKurek/misc-subjectaltname-fixes

Miscellaneous fixes for SubjectAltName code / docs
This commit is contained in:
Gilles Peskine 2023-06-05 15:38:53 +02:00 committed by GitHub
commit 975d9c0faf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 12 additions and 10 deletions

View file

@ -304,7 +304,7 @@ mbedtls_x509_san_other_name;
typedef struct mbedtls_x509_subject_alternative_name {
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
mbedtls_x509_san_other_name other_name;
mbedtls_x509_name directory_name;
mbedtls_x509_buf unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */
}
@ -407,7 +407,8 @@ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
* of the subject alternative name encoded in \p san_raw.
*
* \note Supported GeneralName types, as defined in RFC 5280:
* "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
* "rfc822Name", "dnsName", "directoryName",
* "uniformResourceIdentifier" and "hardware_module_name"
* of type "otherName", as defined in RFC 4108.
*
* \note This function should be called on a single raw data of

View file

@ -75,7 +75,7 @@ typedef struct mbedtls_x509_crt {
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier, DirectoryName and OtherName are listed). */
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */
mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */
mbedtls_x509_authority authority_key_id; /**< Optional X.509 v3 extension authority key identifier. */

View file

@ -60,7 +60,7 @@ typedef struct mbedtls_x509_csr {
unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */
int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */

View file

@ -1215,9 +1215,9 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
mbedtls_asn1_sequence *cur = subject_alt_name;
while (*p < end) {
mbedtls_x509_subject_alternative_name dummy_san_buf;
mbedtls_x509_subject_alternative_name tmp_san_name;
mbedtls_x509_buf tmp_san_buf;
memset(&dummy_san_buf, 0, sizeof(dummy_san_buf));
memset(&tmp_san_name, 0, sizeof(tmp_san_name));
tmp_san_buf.tag = **p;
(*p)++;
@ -1236,9 +1236,10 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
}
/*
* Check that the SAN is structured correctly.
* Check that the SAN is structured correctly by parsing it.
* The SAN structure is discarded afterwards.
*/
ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf);
ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &tmp_san_name);
/*
* In case the extension is malformed, return an error,
* and clear the allocated sequences.
@ -1249,7 +1250,7 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
return ret;
}
mbedtls_x509_free_subject_alt_name(&dummy_san_buf);
mbedtls_x509_free_subject_alt_name(&tmp_san_name);
/* Allocate and assign next pointer */
if (cur->buf.p != NULL) {
if (cur->next != NULL) {
@ -1439,7 +1440,7 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
break;
/*
* RFC822 Name
* rfc822Name
*/
case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME):
{