Fix comparison between different name types
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
parent
7d2a4d873f
commit
f3e4bd8632
1 changed files with 20 additions and 1 deletions
|
@ -3007,6 +3007,25 @@ static int x509_crt_check_cn( const mbedtls_x509_buf *name,
|
|||
return( -1 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check for SAN match, see RFC 5280 Section 4.2.1.6
|
||||
*/
|
||||
static int x509_crt_check_san( const mbedtls_x509_buf *name,
|
||||
const char *cn, size_t cn_len )
|
||||
{
|
||||
const unsigned char san_type = (unsigned char) name->tag &
|
||||
MBEDTLS_ASN1_TAG_VALUE_MASK;
|
||||
|
||||
/* dNSName */
|
||||
if( san_type == MBEDTLS_X509_SAN_DNS_NAME )
|
||||
return( x509_crt_check_cn( name, cn, cn_len ) );
|
||||
|
||||
/* (We may handle other types here later.) */
|
||||
|
||||
/* Unrecognized type */
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify the requested CN - only call this if cn is not NULL!
|
||||
*/
|
||||
|
@ -3022,7 +3041,7 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
|
|||
{
|
||||
for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
|
||||
{
|
||||
if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
|
||||
if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 )
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
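Review bot: In x509_crt_check_san, `san_type` keeps only the tag-number bits (`name->tag & MBEDTLS_ASN1_TAG_VALUE_MASK`), so the class bits are never examined and any tag whose low bits equal MBEDTLS_X509_SAN_DNS_NAME is treated as a dNSName. That is safe only if the SAN parser, which is not visible here, has already rejected entries that are not context-specific; either state that precondition in the function comment or check it explicitly with `if( ( name->tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC ) return( -1 );` before the type comparison. The header comment could also say that the function returns 0 on a match and -1 on a mismatch or an unhandled GeneralName type, since the loop in x509_crt_verify_name depends on that convention. The commit touches one file, so a regression test using a certificate whose only SAN carrying the expected name is a non-dNSName entry would pin this behaviour. x509_crt_verify_name starts and ends outside the second hunk.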