// Builds a default nickname for a server certificate from its subject name.
//
// The base string is the first subject attribute that is present, tried in
// this order: common name, organizational unit, organization, locality,
// state, country. The bare base string is tried first; on a conflict the
// candidates "<base> #2", "<base> #3", ... are tried until
// SEC_CertNicknameConflict reports no conflict for this cert's DER subject
// in cert->dbhandle.
//
// Returns a PR_smprintf-allocated string that the caller must release, or
// nullptr when the subject carries none of the attributes above or when
// formatting a candidate fails.
//
// NOTE(review): every byte of the nickname comes from the certificate's
// subject. If the certificate was supplied by a remote peer, this is
// peer-chosen text; presumably it is used only as a display/lookup label and
// never as evidence of identity -- confirm against callers.
// NOTE(review): cert is dereferenced without a null check; callers are
// assumed to pass a valid certificate.
char*
DefaultServerNicknameForCert(CERTCertificate* cert)
{
  // Certs without a common name are strange, but they do exist, so fall back
  // through progressively less specific subject attributes.
  char* baseName = CERT_GetCommonName(&cert->subject);
  if (!baseName) {
    baseName = CERT_GetOrgUnitName(&cert->subject);
  }
  if (!baseName) {
    baseName = CERT_GetOrgName(&cert->subject);
  }
  if (!baseName) {
    baseName = CERT_GetLocalityName(&cert->subject);
  }
  if (!baseName) {
    baseName = CERT_GetStateName(&cert->subject);
  }
  if (!baseName) {
    baseName = CERT_GetCountryName(&cert->subject);
  }
  if (!baseName) {
    // Nothing usable in the subject; a cert without any names doesn't
    // really make sense, so give up.
    return nullptr;
  }

  char* candidate = nullptr;
  // The loop has no upper bound of its own: it ends only when a candidate is
  // free of conflicts or PR_smprintf fails.
  for (int suffix = 1; ; ++suffix) {
    // The subject text is always passed as a "%s" argument, never as the
    // format string itself.
    candidate = (suffix == 1)
                  ? PR_smprintf("%s", baseName)
                  : PR_smprintf("%s #%d", baseName, suffix);
    if (!candidate) {
      break;  // formatting failed; nullptr is returned below
    }

    bool taken = SEC_CertNicknameConflict(candidate, &cert->derSubject,
                                          cert->dbhandle);
    if (!taken) {
      break;  // candidate is usable; ownership passes to the caller
    }

    // Discard the rejected candidate before trying the next suffix.
    PR_Free(candidate);
  }

  PR_FREEIF(baseName);
  return candidate;
}
Example #2
/*
 * Report which of the expected attributes are missing from a certificate
 * name.
 *
 * n         - the name to inspect
 * fieldName - label used in the printed messages to identify the name
 * verbose   - when non-zero, print a "Checking ..." line first
 *
 * A missing Country (C), Organization (O) or Common Name (CN) is printed as
 * a PROBLEM; a missing Organization Unit (OU) is printed only as a WARNING.
 * Only presence is checked: the attribute values themselves are never
 * printed or validated here. Each string returned by the CERT_Get*Name
 * calls is released with PORT_Free before the next lookup.
 */
static
void checkName(CERTName *n, char *fieldName, int verbose)
{
    char *attr = NULL;

    if (verbose) {
        printf("Checking %s\n", fieldName);
    }

    /* Country (C) */
    attr = CERT_GetCountryName(n);
    if (attr == NULL) {
        printf("PROBLEM: %s lacks Country Name (C)\n", fieldName);
    }
    PORT_Free(attr);

    /* Organization (O) */
    attr = CERT_GetOrgName(n);
    if (attr == NULL) {
        printf("PROBLEM: %s lacks Organization Name (O)\n", fieldName);
    }
    PORT_Free(attr);

    /* Organization Unit (OU): absence is reported as a warning only */
    attr = CERT_GetOrgUnitName(n);
    if (attr == NULL) {
        printf("WARNING: %s lacks Organization Unit Name (OU)\n", fieldName);
    }
    PORT_Free(attr);

    /* Common Name (CN) */
    attr = CERT_GetCommonName(n);
    if (attr == NULL) {
        printf("PROBLEM: %s lacks Common Name (CN)\n", fieldName);
    }
    PORT_Free(attr);
}