Suppport otherName of type hardware module name
Add support of parsing of subject alternative name, of type otherName. Currently supports only hardware module name, as defined in rfc 4108.
This commit is contained in:
parent
75d9a333ce
commit
b2dc3fa72e
11 changed files with 565 additions and 30 deletions
|
@ -214,6 +214,9 @@
|
|||
*/
|
||||
#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
|
||||
|
||||
#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
|
||||
#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
|
||||
|
||||
/*
|
||||
* PKCS definition OIDs
|
||||
*/
|
||||
|
|
|
@ -109,6 +109,28 @@
|
|||
/* \} name */
|
||||
/* \} addtogroup x509_module */
|
||||
|
||||
/*
|
||||
* X.509 v3 Subject Alternative Name types.
|
||||
* otherName [0] OtherName,
|
||||
* rfc822Name [1] IA5String,
|
||||
* dNSName [2] IA5String,
|
||||
* x400Address [3] ORAddress,
|
||||
* directoryName [4] Name,
|
||||
* ediPartyName [5] EDIPartyName,
|
||||
* uniformResourceIdentifier [6] IA5String,
|
||||
* iPAddress [7] OCTET STRING,
|
||||
* registeredID [8] OBJECT IDENTIFIER
|
||||
*/
|
||||
#define MBEDTLS_X509_SAN_OTHER_NAME 0
|
||||
#define MBEDTLS_X509_SAN_RFC822_NAME 1
|
||||
#define MBEDTLS_X509_SAN_DNS_NAME 2
|
||||
#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
|
||||
#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
|
||||
#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
|
||||
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
|
||||
#define MBEDTLS_X509_SAN_IP_ADDRESS 7
|
||||
#define MBEDTLS_X509_SAN_REGISTERED_ID 8
|
||||
|
||||
/*
|
||||
* X.509 v3 Key Usage Extension flags
|
||||
* Reminder: update x509_info_key_usage() when adding new flags.
|
||||
|
|
|
@ -76,7 +76,7 @@ typedef struct mbedtls_x509_crt
|
|||
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
|
||||
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
|
||||
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
|
||||
mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */
|
||||
mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName and OtherName supported). */
|
||||
|
||||
int ext_types; /**< Bit string containing detected and parsed extensions */
|
||||
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
|
||||
|
@ -97,6 +97,44 @@ typedef struct mbedtls_x509_crt
|
|||
}
|
||||
mbedtls_x509_crt;
|
||||
|
||||
/*
|
||||
* From RFC 5280 section 4.2.1.6:
|
||||
* OtherName ::= SEQUENCE {
|
||||
* type-id OBJECT IDENTIFIER,
|
||||
* value [0] EXPLICIT ANY DEFINED BY type-id }
|
||||
*/
|
||||
typedef struct mbedtls_x509_san_other_name
|
||||
{
|
||||
mbedtls_x509_buf type_id; /**< The type id. */
|
||||
union
|
||||
{
|
||||
/*
|
||||
* From RFC 4108 section 5:
|
||||
* HardwareModuleName ::= SEQUENCE {
|
||||
* hwType OBJECT IDENTIFIER,
|
||||
* hwSerialNum OCTET STRING }
|
||||
*/
|
||||
mbedtls_x509_name hardware_module_name;
|
||||
}
|
||||
value;
|
||||
}
|
||||
mbedtls_x509_san_other_name;
|
||||
|
||||
/*
|
||||
* A structure for holding the parsed Subject Alternative Name, according to type
|
||||
*/
|
||||
typedef struct mbedtls_x509_subject_alternative_name
|
||||
{
|
||||
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
|
||||
union {
|
||||
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
|
||||
mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
|
||||
}
|
||||
san; /**< A union of the supported SAN types */
|
||||
struct mbedtls_x509_subject_alternative_name *next; /**< The next SAN in the list. */
|
||||
}
|
||||
mbedtls_x509_subject_alternative_name;
|
||||
|
||||
/**
|
||||
* Build flag from an algorithm/curve identifier (pk, md, ecp)
|
||||
* Since 0 is always XXX_NONE, ignore it.
|
||||
|
@ -347,7 +385,26 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
|
|||
*/
|
||||
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
/**
|
||||
* \brief Parses the subject alternative name list of a given certificate;
|
||||
*
|
||||
* \param crt The X509 certificate to parse.
|
||||
*
|
||||
* \param san A list holding the parsed certificate.
|
||||
*
|
||||
* \note Only "dnsName" and "otherName" of type hardware_module_name,
|
||||
* as defined in RFC 4180 is supported.
|
||||
*
|
||||
* \note Any unsupported san type is ignored.
|
||||
*
|
||||
* \note The function allocates a list of mbedtls_x509_subject_alternative_name
|
||||
* and it is the caller's responsibility to free it.
|
||||
*
|
||||
* \return Zero for success and negative
|
||||
* value for any other failure.
|
||||
*/
|
||||
int mbedtls_x509_parse_subject_alternative_name( const mbedtls_x509_crt *crt,
|
||||
mbedtls_x509_subject_alternative_name **san );
|
||||
/**
|
||||
* \brief Returns an informational string about the
|
||||
* certificate.
|
||||
|
|
|
@ -618,7 +618,8 @@ static int x509_get_ext_key_usage( unsigned char **p,
|
|||
* nameAssigner [0] DirectoryString OPTIONAL,
|
||||
* partyName [1] DirectoryString }
|
||||
*
|
||||
* NOTE: we only parse and use dNSName at this point.
|
||||
* NOTE: we only parse and use dNSName at this point,
|
||||
* and otherName of type HwModuleName, as defined in RFC 4108.
|
||||
*/
|
||||
static int x509_get_subject_alt_name( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
|
@ -657,13 +658,6 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
|||
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
||||
}
|
||||
|
||||
/* Skip everything but DNS name */
|
||||
if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
|
||||
{
|
||||
*p += tag_len;
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Allocate and assign next pointer */
|
||||
if( cur->buf.p != NULL )
|
||||
{
|
||||
|
@ -1435,32 +1429,195 @@ cleanup:
|
|||
}
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
/*
|
||||
* OtherName ::= SEQUENCE {
|
||||
* type-id OBJECT IDENTIFIER,
|
||||
* value [0] EXPLICIT ANY DEFINED BY type-id }
|
||||
*
|
||||
* HardwareModuleName ::= SEQUENCE {
|
||||
* hwType OBJECT IDENTIFIER,
|
||||
* hwSerialNum OCTET STRING }
|
||||
*
|
||||
* NOTE: we currently only parse and use otherName of type HwModuleName,
|
||||
* as defined in RFC 4108.
|
||||
*/
|
||||
static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
|
||||
mbedtls_x509_san_other_name *other_name )
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p = subject_alt_name->p;
|
||||
const unsigned char *end = p + subject_alt_name->len;
|
||||
mbedtls_x509_buf cur_oid;
|
||||
|
||||
if( ( subject_alt_name->tag &
|
||||
( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) !=
|
||||
( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ) )
|
||||
{
|
||||
/*
|
||||
* The given subject alternative name is not of type "othername".
|
||||
*/
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_OID ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
cur_oid.tag = MBEDTLS_ASN1_OID;
|
||||
cur_oid.p = p;
|
||||
cur_oid.len = len;
|
||||
|
||||
/*
|
||||
* Only HwModuleName is currently supported.
|
||||
*/
|
||||
if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
if( p + len >= end )
|
||||
{
|
||||
mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
p += len;
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID;
|
||||
other_name->value.hardware_module_name.oid.p = p;
|
||||
other_name->value.hardware_module_name.oid.len = len;
|
||||
|
||||
if( p + len >= end )
|
||||
{
|
||||
mbedtls_platform_zeroize( other_name, sizeof( other_name ) );
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
p += len;
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING;
|
||||
other_name->value.hardware_module_name.val.p = p;
|
||||
other_name->value.hardware_module_name.val.len = len;
|
||||
other_name->value.hardware_module_name.next = NULL;
|
||||
other_name->value.hardware_module_name.next_merged = 0;
|
||||
p += len;
|
||||
if( p != end )
|
||||
{
|
||||
mbedtls_platform_zeroize( other_name,
|
||||
sizeof( other_name ) );
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static int x509_info_subject_alt_name( char **buf, size_t *size,
|
||||
const mbedtls_x509_sequence *subject_alt_name )
|
||||
const mbedtls_x509_sequence *subject_alt_name,
|
||||
const char *prefix )
|
||||
{
|
||||
size_t i;
|
||||
int ret;
|
||||
size_t n = *size;
|
||||
char *p = *buf;
|
||||
const mbedtls_x509_sequence *cur = subject_alt_name;
|
||||
const char *sep = "";
|
||||
size_t sep_len = 0;
|
||||
|
||||
while( cur != NULL )
|
||||
{
|
||||
if( cur->buf.len + sep_len >= n )
|
||||
switch( cur->buf.tag &
|
||||
( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) )
|
||||
{
|
||||
*p = '\0';
|
||||
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
||||
/*
|
||||
* otherName
|
||||
*/
|
||||
case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ):
|
||||
{
|
||||
mbedtls_x509_san_other_name other_name;
|
||||
|
||||
ret = x509_get_other_name( &cur->buf, &other_name );
|
||||
if( ret != 0 )
|
||||
{
|
||||
/*
|
||||
* In case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned,
|
||||
* then the "otherName" is of an unsupported type. Ignore.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
|
||||
ret = 0;
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
|
||||
&other_name.value.hardware_module_name.oid ) != 0 )
|
||||
{
|
||||
ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
ret = mbedtls_oid_get_numeric_string( p, n, &other_name.value.hardware_module_name.oid );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if( other_name.value.hardware_module_name.val.len >= n )
|
||||
{
|
||||
*p = '\0';
|
||||
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
for( i = 0; i < other_name.value.hardware_module_name.val.len; i++ )
|
||||
{
|
||||
*p++ = other_name.value.hardware_module_name.val.p[i];
|
||||
}
|
||||
n -= other_name.value.hardware_module_name.val.len;
|
||||
|
||||
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */
|
||||
}
|
||||
break;
|
||||
|
||||
/*
|
||||
* dNSName
|
||||
*/
|
||||
case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ):
|
||||
{
|
||||
|
||||
ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
if( cur->buf.len >= n )
|
||||
{
|
||||
*p = '\0';
|
||||
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
||||
}
|
||||
n -= cur->buf.len;
|
||||
for( i = 0; i < cur->buf.len; i++ )
|
||||
*p++ = cur->buf.p[i];
|
||||
}
|
||||
break;
|
||||
|
||||
/*
|
||||
* Type not supported, skip item.
|
||||
*/
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
n -= cur->buf.len + sep_len;
|
||||
for( i = 0; i < sep_len; i++ )
|
||||
*p++ = sep[i];
|
||||
for( i = 0; i < cur->buf.len; i++ )
|
||||
*p++ = cur->buf.p[i];
|
||||
|
||||
sep = ", ";
|
||||
sep_len = 2;
|
||||
|
||||
cur = cur->next;
|
||||
}
|
||||
|
@ -1473,6 +1630,105 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_x509_parse_subject_alternative_name( const mbedtls_x509_crt *crt,
|
||||
mbedtls_x509_subject_alternative_name **san )
|
||||
{
|
||||
int ret;
|
||||
const mbedtls_x509_sequence *cur = &crt->subject_alt_names;
|
||||
mbedtls_x509_subject_alternative_name *cur_san = *san, *prev_san = NULL;
|
||||
|
||||
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
|
||||
{
|
||||
if( cur_san != NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
while( cur != NULL )
|
||||
{
|
||||
switch( cur->buf.tag &
|
||||
( MBEDTLS_ASN1_TAG_CLASS_MASK |
|
||||
MBEDTLS_ASN1_TAG_VALUE_MASK ) )
|
||||
{
|
||||
/*
|
||||
* otherName
|
||||
*/
|
||||
case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ):
|
||||
{
|
||||
mbedtls_x509_san_other_name other_name;
|
||||
|
||||
ret = x509_get_other_name( &cur->buf, &other_name );
|
||||
if( ret != 0 )
|
||||
{
|
||||
/*
|
||||
* In case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned,
|
||||
* then the "otherName" is of an unsupported type. Ignore.
|
||||
*/
|
||||
if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
|
||||
ret = 0;
|
||||
cur = cur->next;
|
||||
continue;
|
||||
}
|
||||
|
||||
cur_san = mbedtls_calloc( 1, sizeof( mbedtls_x509_subject_alternative_name ) );
|
||||
if( cur_san == NULL )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_ALLOC_FAILED );
|
||||
|
||||
if( prev_san != NULL )
|
||||
prev_san->next = cur_san;
|
||||
|
||||
cur_san->type = MBEDTLS_X509_SAN_OTHER_NAME;
|
||||
memcpy( &cur_san->san.other_name,
|
||||
&other_name, sizeof( other_name ) );
|
||||
|
||||
}
|
||||
break;
|
||||
|
||||
/*
|
||||
* dNSName
|
||||
*/
|
||||
case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ):
|
||||
{
|
||||
cur_san = mbedtls_calloc( 1, sizeof( mbedtls_x509_subject_alternative_name ) );
|
||||
if( cur_san == NULL )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_ALLOC_FAILED );
|
||||
|
||||
if( prev_san != NULL )
|
||||
prev_san->next = cur_san;
|
||||
|
||||
memset( cur_san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
|
||||
cur_san->type = MBEDTLS_X509_SAN_DNS_NAME;
|
||||
|
||||
memcpy( &cur_san->san.unstructured_name,
|
||||
&cur->buf, sizeof( cur->buf ) );
|
||||
|
||||
}
|
||||
break;
|
||||
|
||||
/*
|
||||
* Type not supported, skip item.
|
||||
*/
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
if( *san == NULL )
|
||||
*san = cur_san;
|
||||
|
||||
if( cur_san != NULL )
|
||||
{
|
||||
prev_san = cur_san;
|
||||
cur_san = cur_san->next;
|
||||
}
|
||||
|
||||
cur = cur->next;
|
||||
}/* while( cur != NULL ) */
|
||||
}/* crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME */
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#define PRINT_ITEM(i) \
|
||||
{ \
|
||||
ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
|
||||
|
@ -1659,11 +1915,12 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
|
|||
|
||||
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
|
||||
{
|
||||
ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
|
||||
ret = mbedtls_snprintf( p, n, "\n%ssubject alt name :", prefix );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if( ( ret = x509_info_subject_alt_name( &p, &n,
|
||||
&crt->subject_alt_names ) ) != 0 )
|
||||
&crt->subject_alt_names,
|
||||
prefix) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
|
|
@ -142,6 +142,12 @@ server5-ss-forgeca.crt: server5.key
|
|||
$(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
|
||||
all_final += server5-ss-forgeca.crt
|
||||
|
||||
server5-othername.crt: server5.key
|
||||
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
|
||||
|
||||
server5-unsupported_othername.crt: server5.key
|
||||
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
|
||||
|
||||
server10-badsign.crt: server10.crt
|
||||
{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
|
||||
all_final += server10-badsign.crt
|
||||
|
|
12
tests/data_files/multiple_san.crt
Normal file
12
tests/data_files/multiple_san.crt
Normal file
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB2jCCAYCgAwIBAgIBBDAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
|
||||
A1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11bHRpcGxlIG90aGVy
|
||||
bmFtZSBTQU4wHhcNMTkwNDIyMTYxMDQ4WhcNMjkwNDE5MTYxMDQ4WjBKMQswCQYD
|
||||
VQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11
|
||||
bHRpcGxlIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3
|
||||
zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI
|
||||
wmt3DVXNiioO+gHItO3/o1cwVTBTBgNVHREETDBKggtleGFtcGxlLmNvbaAfBggr
|
||||
BgEFBQcIBKATMBEGBysGAQQBEQMEBjEyMzQ1NoILZXhhbXBsZS5uZXSCDSouZXhh
|
||||
bXBsZS5vcmcwCgYIKoZIzj0EAwIDSAAwRQIhAMZUkp+pcuFQ3WWdgvV4Y+tIXOyS
|
||||
L6p0RtEAOi/GgigVAiB50n3rIUKjapYstPp3yOpGZGyRxnc6uRdSiMH5wLA4yw==
|
||||
-----END CERTIFICATE-----
|
11
tests/data_files/server5-othername.crt
Normal file
11
tests/data_files/server5-othername.crt
Normal file
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBnzCCAUWgAwIBAgIBTTAKBggqhkjOPQQDAjBBMQswCQYDVQQGEwJVSzERMA8G
|
||||
A1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIG90aGVybmFtZSBTQU4w
|
||||
HhcNMTkwMzI0MDkwNjAyWhcNMjkwMzIxMDkwNjAyWjBBMQswCQYDVQQGEwJVSzER
|
||||
MA8GA1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIG90aGVybmFtZSBT
|
||||
QU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5
|
||||
BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqIwmt3DVXNiioO+gHItO3/oy4w
|
||||
LDAqBgNVHREEIzAhoB8GCCsGAQUFBwgEoBMwEQYHKwYBBAERAwQGMTIzNDU2MAoG
|
||||
CCqGSM49BAMCA0gAMEUCIQCijdm1AfArx2p4cLCVciHCTE8UXRiTm8f85k4aNzzf
|
||||
sgIgCdmLyfZB9jsSPH3A3O1GATAR3O9OTtEDC+YSc+lvxSw=
|
||||
-----END CERTIFICATE-----
|
12
tests/data_files/server5-unsupported_othername.crt
Normal file
12
tests/data_files/server5-unsupported_othername.crt
Normal file
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBtjCCAVygAwIBAgIBTTAKBggqhkjOPQQDAjBNMQswCQYDVQQGEwJVSzERMA8G
|
||||
A1UECgwITWJlZCBUTFMxKzApBgNVBAMMIk1iZWQgVExTIHVuc3VwcG9ydGVkIG90
|
||||
aGVybmFtZSBTQU4wHhcNMTkwNTAxMDkxMDM1WhcNMjkwNDI4MDkxMDM1WjBNMQsw
|
||||
CQYDVQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKzApBgNVBAMMIk1iZWQgVExT
|
||||
IHVuc3VwcG9ydGVkIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMB
|
||||
BwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0
|
||||
XV0WvYqIwmt3DVXNiioO+gHItO3/oy0wKzApBgNVHREEIjAgoB4GAyoDBKAXDBVz
|
||||
b21lIG90aGVyIGlkZW50aWZpZXIwCgYIKoZIzj0EAwIDSAAwRQIhANkj6n9qHYVi
|
||||
FLfb0IRZpIsvvuNCjSgT8yBLVjJYQj3nAiBffQKZ7y/F6rfon6L1GZU0BBja8BLX
|
||||
rXp8WpY7Bc8myQ==
|
||||
-----END CERTIFICATE-----
|
|
@ -12,6 +12,25 @@ subjectKeyIdentifier=hash
|
|||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
basicConstraints = CA:true
|
||||
|
||||
[othername_san]
|
||||
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
|
||||
|
||||
[unsupoported_othername_san]
|
||||
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
|
||||
|
||||
[alt_names]
|
||||
DNS.1=example.com
|
||||
otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
|
||||
DNS.2=example.net
|
||||
DNS.3=*.example.org
|
||||
|
||||
[multiple_san]
|
||||
subjectAltName=@alt_names
|
||||
|
||||
[hw_module_name]
|
||||
hwtype = OID:1.3.6.1.4.1.17.3
|
||||
hwserial = OCT:123456
|
||||
|
||||
[noext_ca]
|
||||
basicConstraints = CA:true
|
||||
|
||||
|
|
|
@ -94,6 +94,10 @@ X509 Certificate information EC, SHA512 Digest
|
|||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
|
||||
x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
|
||||
|
||||
X509 Certificate information EC, SHA256 Digest, hardware module name SAN
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||
x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n"
|
||||
|
||||
X509 Certificate information, NS Cert Type
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||
x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n"
|
||||
|
@ -108,11 +112,15 @@ x509_cert_info:"data_files/keyUsage.decipherOnly.crt":"cert. version \: 3\ns
|
|||
|
||||
X509 Certificate information, Subject Alt Name
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||
x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com, example.net, *.example.org\n"
|
||||
x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n"
|
||||
|
||||
X509 Certificate information, Multiple different Subject Alt Name
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||
x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n"
|
||||
|
||||
X509 Certificate information, Subject Alt Name + Key Usage
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||
x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \: www.shotokan-braunschweig.de, www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
|
||||
x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
|
||||
|
||||
X509 Certificate information, Key Usage + Extended Key Usage
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
|
@ -128,11 +136,31 @@ x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number
|
|||
|
||||
X509 Certificate information Bitstring in subject name
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||
x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: \next key usage \: TLS Web Client Authentication\n"
|
||||
x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\next key usage \: TLS Web Client Authentication\n"
|
||||
|
||||
X509 certificate v1 with extension
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C
|
||||
x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org, www.identity-check.org\n"
|
||||
x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n"
|
||||
|
||||
X509 SAN parsing otherName
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||
x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n"
|
||||
|
||||
X509 SAN parsing dNSName
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||
x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
|
||||
|
||||
X509 SAN parsing Multiple different types
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||
x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
|
||||
|
||||
X509 SAN parsing, no subject alt name
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
|
||||
x509_parse_san:"data_files/server4.crt":""
|
||||
|
||||
X509 SAN parsing, unsupported otherName name
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||
x509_parse_san:"data_files/server5-unsupported_othername.crt":""
|
||||
|
||||
X509 CRL information #1
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
|
|
|
@ -219,6 +219,79 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int verify_parse_san( mbedtls_x509_subject_alternative_name *san,
|
||||
char **buf, size_t *size )
|
||||
{
|
||||
int ret;
|
||||
size_t i;
|
||||
char *p = *buf;
|
||||
size_t n = *size;
|
||||
|
||||
ret = mbedtls_snprintf( p, n, "type : %u", san->type );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
switch( san->type )
|
||||
{
|
||||
case( MBEDTLS_X509_SAN_OTHER_NAME ):
|
||||
ret = mbedtls_snprintf( p, n, "\notherName :");
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
|
||||
&san->san.other_name.value.hardware_module_name.oid ) != 0 )
|
||||
{
|
||||
ret = mbedtls_snprintf( p, n, " hardware module name :" );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
ret = mbedtls_snprintf( p, n, " hardware type : " );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
ret = mbedtls_oid_get_numeric_string( p, n,
|
||||
&san->san.other_name.value.hardware_module_name.oid );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if( san->san.other_name.value.hardware_module_name.val.len >= n )
|
||||
{
|
||||
*p = '\0';
|
||||
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
|
||||
{
|
||||
*p++ = san->san.other_name.value.hardware_module_name.val.p[i];
|
||||
}
|
||||
n -= san->san.other_name.value.hardware_module_name.val.len;
|
||||
}
|
||||
break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
|
||||
case( MBEDTLS_X509_SAN_DNS_NAME ):
|
||||
ret = mbedtls_snprintf( p, n, "\ndNSName : " );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
if( san->san.unstructured_name.len >= n )
|
||||
{
|
||||
*p = '\0';
|
||||
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
||||
}
|
||||
n -= san->san.unstructured_name.len;
|
||||
for( i = 0; i < san->san.unstructured_name.len; i++ )
|
||||
*p++ = san->san.unstructured_name.p[i];
|
||||
break;/* MBEDTLS_X509_SAN_DNS_NAME */
|
||||
|
||||
default:
|
||||
/*
|
||||
* Should not happen.
|
||||
*/
|
||||
return( -1 );
|
||||
}
|
||||
ret = mbedtls_snprintf( p, n, "\n" );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
*size = n;
|
||||
*buf = p;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
/* END_HEADER */
|
||||
|
||||
|
@ -227,6 +300,41 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint
|
|||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void x509_parse_san( char * crt_file, char * result_str )
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
mbedtls_x509_subject_alternative_name *cur, *next, *san = NULL;
|
||||
char buf[2000];
|
||||
char *p = buf;
|
||||
size_t n = sizeof( buf );
|
||||
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
TEST_ASSERT( mbedtls_x509_parse_subject_alternative_name( &crt, &san ) == 0 );
|
||||
cur = san;
|
||||
while( cur != NULL )
|
||||
{
|
||||
TEST_ASSERT( verify_parse_san( cur, &p, &n ) == 0 );
|
||||
cur = cur->next;
|
||||
}
|
||||
|
||||
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
|
||||
for( cur = san; cur != NULL; cur = next )
|
||||
{
|
||||
next = cur->next;
|
||||
mbedtls_free( cur );
|
||||
}
|
||||
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void x509_cert_info( char * crt_file, char * result_str )
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue