Beispiel #1
END_TEST

START_TEST(ssl_x509_names_01)
{
	/*
	 * Load the fixture certificate and verify that ssl_x509_names()
	 * returns exactly four names in a fixed order, followed by the NULL
	 * terminator.  The first two entries are identical on purpose: the
	 * function does not de-duplicate (presumably one comes from the
	 * subject CN and one from subjectAltName -- confirm against the
	 * fixture).
	 */
	X509 *crt = ssl_x509_load(TESTCERT);
	fail_unless(crt != NULL, "loading certificate failed");

	char **names = ssl_x509_names(crt);
	fail_unless(names != NULL, "parsing names failed");

	fail_unless(names[0] != NULL, "first name");
	fail_unless(strcmp(names[0], "daniel.roe.ch") == 0, "first name");

	fail_unless(names[1] != NULL, "second name");
	fail_unless(strcmp(names[1], "daniel.roe.ch") == 0, "second name");

	fail_unless(names[2] != NULL, "third name");
	fail_unless(strcmp(names[2], "www.roe.ch") == 0, "third name");

	fail_unless(names[3] != NULL, "fourth name");
	fail_unless(strcmp(names[3], "*.roe.ch") == 0, "fourth name");

	/* The array must end right after the fourth entry. */
	fail_unless(names[4] == NULL, "too many names");

	/* The caller owns both the strings and the array holding them. */
	for (char **it = names; *it != NULL; it++) {
		free(*it);
	}
	free(names);
	X509_free(crt);
}
Beispiel #2
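/*
 * Callback to load a cert/chain/key combo from a single PEM file.
 *
 * filename: path of the PEM file to load.
 * arg:      pointer to the opts_t in effect; only its debug flag is read.
 *
 * The certificate is registered with cachemgr_tgcrt_set() once for every
 * name that ssl_x509_names() returns for it.  All failures are fatal: the
 * error is logged, logging is shut down and the process exits.
 */
static void
main_loadtgcrt(const char *filename, void *arg)
{
	opts_t *opts = arg;
	cert_t *cert;
	char **names;

	cert = cert_new_load(filename);
	if (!cert) {
		log_err_printf("Failed to load cert and key from PEM file "
		                "'%s'\n", filename);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}
	/* Refuse a PEM file whose private key does not belong to its cert. */
	if (X509_check_private_key(cert->crt, cert->key) != 1) {
		log_err_printf("Cert does not match key in PEM file "
		                "'%s':\n", filename);
		ERR_print_errors_fp(stderr);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}

#ifdef DEBUG_CERTIFICATE
	log_dbg_printf("Loaded '%s':\n", filename);
	log_dbg_print_free(ssl_x509_to_str(cert->crt));
	log_dbg_print_free(ssl_x509_to_pem(cert->crt));
#endif /* DEBUG_CERTIFICATE */

	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("Targets for '%s':", filename);
	}
	names = ssl_x509_names(cert->crt);
	if (!names) {
		/*
		 * ssl_x509_names() can fail and return NULL; the loop below
		 * would then dereference a NULL pointer.  Treat it like the
		 * other load failures.
		 */
		log_err_printf("Failed to parse names from cert in PEM file "
		                "'%s'\n", filename);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}
	for (char **p = names; *p; p++) {
		/*
		 * be deliberately vulnerable to NULL prefix attacks:
		 * a '!' in a name acts as a terminator, so the cert is
		 * registered under the part before it only.  This is
		 * intentional in this tool; never copy this truncation into
		 * code that validates peer certificates.
		 */
		char *sep;
		if ((sep = strchr(*p, '!'))) {
			*sep = '\0';
		}
		/*
		 * NOTE(review): *p comes from the certificate and is logged
		 * as-is; confirm the log sink copes with control characters.
		 */
		if (OPTS_DEBUG(opts)) {
			log_dbg_printf(" '%s'", *p);
		}
		cachemgr_tgcrt_set(*p, cert);
		free(*p);
	}
	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("\n");
	}
	free(names);
	/*
	 * Drop the local reference; presumably cachemgr_tgcrt_set() keeps
	 * its own for each registered name -- confirm in cachemgr.
	 */
	cert_free(cert);
}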