END_TEST

/*
 * ssl_x509_names() on the test certificate must return exactly four
 * names, in this order, followed by a NULL terminator.  The list holds
 * "daniel.roe.ch" twice and ends with a wildcard entry; presumably the
 * first entry is the subject CN and the rest are subjectAltName entries
 * (verify against TESTCERT).  The test also pins the ownership contract
 * it relies on: every string and the array itself are freed by the caller.
 */
START_TEST(ssl_x509_names_01)
{
	X509 *crt;
	char **names;
	char **cur;

	crt = ssl_x509_load(TESTCERT);
	fail_unless(crt != NULL, "loading certificate failed");

	names = ssl_x509_names(crt);
	fail_unless(names != NULL, "parsing names failed");

	/* Each slot is checked for presence before its content is compared. */
	fail_unless(names[0] != NULL, "first name");
	fail_unless(strcmp(names[0], "daniel.roe.ch") == 0, "first name");
	fail_unless(names[1] != NULL, "second name");
	fail_unless(strcmp(names[1], "daniel.roe.ch") == 0, "second name");
	fail_unless(names[2] != NULL, "third name");
	fail_unless(strcmp(names[2], "www.roe.ch") == 0, "third name");
	fail_unless(names[3] != NULL, "fourth name");
	fail_unless(strcmp(names[3], "*.roe.ch") == 0, "fourth name");

	/* The fifth slot must be the terminator: no extra names allowed. */
	fail_unless(names[4] == NULL, "too many names");

	/* Release every name, then the array, then the certificate. */
	for (cur = names; *cur; cur++) {
		free(*cur);
	}
	free(names);
	X509_free(crt);
}
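/*
 * Callback to load a cert/chain/key combo from a single PEM file and
 * register it in the target certificate cache under each of its names.
 *
 * filename: path of the PEM file to load.
 * arg:      opts_t *, used here only to decide whether debug output is
 *           printed.
 *
 * Does not return on error: the process is terminated with
 * exit(EXIT_FAILURE) if the file cannot be loaded, if the private key
 * does not match the certificate, or if no name list can be obtained
 * from the certificate.
 */
static void
main_loadtgcrt(const char *filename, void *arg)
{
	opts_t *opts = arg;
	cert_t *cert;
	char **names;

	cert = cert_new_load(filename);
	if (!cert) {
		log_err_printf("Failed to load cert and key from PEM file "
		               "'%s'\n", filename);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}
	/* Refuse a PEM file whose private key does not belong to its cert. */
	if (X509_check_private_key(cert->crt, cert->key) != 1) {
		log_err_printf("Cert does not match key in PEM file "
		               "'%s':\n", filename);
		ERR_print_errors_fp(stderr);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}

#ifdef DEBUG_CERTIFICATE
	/* Debug builds dump the certificate (cert->crt only, not the key). */
	log_dbg_printf("Loaded '%s':\n", filename);
	log_dbg_print_free(ssl_x509_to_str(cert->crt));
	log_dbg_print_free(ssl_x509_to_pem(cert->crt));
#endif /* DEBUG_CERTIFICATE */

	/*
	 * The name list is dereferenced unconditionally below, so a NULL
	 * result must be handled first.  Fetching the names before the
	 * "Targets for" line is printed keeps the debug output well-formed
	 * when this fails.
	 */
	names = ssl_x509_names(cert->crt);
	if (!names) {
		log_err_printf("Failed to get names from cert in PEM file "
		               "'%s'\n", filename);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}

	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("Targets for '%s':", filename);
	}
	for (char **p = names; *p; p++) {
		/*
		 * be deliberately vulnerable to NULL prefix attacks
		 *
		 * The name is cut at its first '!', so the certificate is
		 * registered under the prefix only and the cache key can
		 * differ from the name that is actually in the certificate.
		 * NOTE(review): consumers of this cache must not treat the
		 * key as a validated certificate name.
		 */
		char *sep;
		if ((sep = strchr(*p, '!'))) {
			*sep = '\0';
		}
		if (OPTS_DEBUG(opts)) {
			log_dbg_printf(" '%s'", *p);
		}
		/*
		 * The name is freed right after this call and the cert is
		 * released at the end of the function, so the cache
		 * presumably copies the key and takes its own reference on
		 * the cert -- TODO confirm in cachemgr_tgcrt_set().
		 */
		cachemgr_tgcrt_set(*p, cert);
		free(*p);
	}
	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("\n");
	}
	free(names);
	cert_free(cert);
}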