Merge pull request #7530 from AndrzejKurek/misc-subjectaltname-fixes
Miscellaneous fixes for SubjectAltName code / docs
commit
975d9c0faf
4 changed files with 12 additions and 10 deletions
|
@ -304,7 +304,7 @@ mbedtls_x509_san_other_name;
|
|||
typedef struct mbedtls_x509_subject_alternative_name {
|
||||
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
|
||||
union {
|
||||
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
|
||||
mbedtls_x509_san_other_name other_name;
|
||||
mbedtls_x509_name directory_name;
|
||||
mbedtls_x509_buf unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */
|
||||
}
|
||||
|
@ -407,7 +407,8 @@ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
|
|||
* of the subject alternative name encoded in \p san_raw.
|
||||
*
|
||||
* \note Supported GeneralName types, as defined in RFC 5280:
|
||||
* "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
|
||||
* "rfc822Name", "dnsName", "directoryName",
|
||||
* "uniformResourceIdentifier" and "hardware_module_name"
|
||||
* of type "otherName", as defined in RFC 4108.
|
||||
*
|
||||
* \note This function should be called on a single raw data of
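Review bot: In the first hunk of this section the union members `other_name` and `directory_name` end up with no doc comment, so the declaration no longer says which `type` value makes each member valid. A caller that reads a member without checking `type` first would interpret another member's storage, which matters here because the values come from parsed certificate data. I would document the discriminant on each member, for example `/**< Valid when type is MBEDTLS_X509_SAN_OTHER_NAME. */` and `/**< Valid when type is MBEDTLS_X509_SAN_DIRECTORY_NAME. */`. The struct's closing lines are outside the hunk.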
|
||||
|
|
|
@ -75,7 +75,7 @@ typedef struct mbedtls_x509_crt {
|
|||
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
|
||||
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
|
||||
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
|
||||
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier, DirectoryName and OtherName are listed). */
|
||||
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */
|
||||
mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */
|
||||
mbedtls_x509_authority authority_key_id; /**< Optional X.509 v3 extension authority key identifier. */
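Review bot: The new comment on `subject_alt_names` drops the list of entry types without saying what a caller should now expect in the list, and the same wording is used for the CSR structure in the next section. Since the entries are raw, a caller doing identity checks has to rely on the return value and the `type` reported by mbedtls_x509_parse_subject_alt_name. Whether entries of unsupported types are kept in the list is decided outside the visible hunks, so that should be confirmed and stated. I would extend the comment with a sentence such as `Each entry must be parsed individually; check the return value and release the result with mbedtls_x509_free_subject_alt_name.`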
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ typedef struct mbedtls_x509_csr {
|
|||
|
||||
unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
|
||||
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
|
||||
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
|
||||
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */
|
||||
|
||||
int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
|
||||
|
||||
|
|
|
@ -1215,9 +1215,9 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
|
|||
mbedtls_asn1_sequence *cur = subject_alt_name;
|
||||
|
||||
while (*p < end) {
|
||||
mbedtls_x509_subject_alternative_name dummy_san_buf;
|
||||
mbedtls_x509_subject_alternative_name tmp_san_name;
|
||||
mbedtls_x509_buf tmp_san_buf;
|
||||
memset(&dummy_san_buf, 0, sizeof(dummy_san_buf));
|
||||
memset(&tmp_san_name, 0, sizeof(tmp_san_name));
|
||||
|
||||
tmp_san_buf.tag = **p;
|
||||
(*p)++;
|
||||
|
@ -1236,9 +1236,10 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
|
|||
}
|
||||
|
||||
/*
|
||||
* Check that the SAN is structured correctly.
|
||||
* Check that the SAN is structured correctly by parsing it.
|
||||
* The SAN structure is discarded afterwards.
|
||||
*/
|
||||
ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf);
|
||||
ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &tmp_san_name);
|
||||
/*
|
||||
* In case the extension is malformed, return an error,
|
||||
* and clear the allocated sequences.
|
||||
|
@ -1249,7 +1250,7 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
|
|||
return ret;
|
||||
}
|
||||
|
||||
mbedtls_x509_free_subject_alt_name(&dummy_san_buf);
|
||||
mbedtls_x509_free_subject_alt_name(&tmp_san_name);
|
||||
/* Allocate and assign next pointer */
|
||||
if (cur->buf.p != NULL) {
|
||||
if (cur->next != NULL) {
|
||||
|
@ -1439,7 +1440,7 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
|
|||
break;
|
||||
|
||||
/*
|
||||
* RFC822 Name
|
||||
* rfc822Name
|
||||
*/
|
||||
case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME):
|
||||
{
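Review bot: In the hunk around `return ret;` the only visible call to `mbedtls_x509_free_subject_alt_name(&tmp_san_name)` sits after the error return, so the failure path leaves the loop without releasing whatever the parser stored in `tmp_san_name`. The lines between the parse call and the return are outside the hunks, and it is not visible here whether mbedtls_x509_parse_subject_alt_name undoes its own partial allocations on failure. If it does not, each rejected malformed entry would leak memory. Either free before returning or record the reliance next to the check, e.g. `/* tmp_san_name holds no allocations when parsing fails. */`. The function body starts and ends outside the hunks.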
|
||||
|
|