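/**
 * Render a distinguished name as a comma-separated, human-readable string.
 *
 * RDNs are walked from the last one in the encoded DN back to the first,
 * and every AVA of a multi-valued RDN is visited.  commonName and
 * emailAddress attributes are skipped unless nothing else has been
 * appended by the time the first RDN (index 0) is reached.
 *
 * The result is lossy: attributes are dropped and values are joined with
 * ", ".  Treat it as display text only; do not compare or parse it to make
 * an identity or trust decision.
 * NOTE(review): whether append_dirstring() escapes separators or control
 * characters inside attribute values is not visible here -- confirm before
 * showing this string where it could be mistaken for structured data.
 *
 * @param name  DN wrapper to render.
 * @return the string produced by ne_buffer_finish() (presumably
 *         heap-allocated and released by the caller -- verify), or a copy
 *         of the translated "[unprintable]" marker when no DN handle is
 *         available.
 */
char *ne_ssl_readable_dname(const ne_ssl_dname *name)
{
    gnutls_x509_dn_t dn;
    int ret, rdn = 0;
    ne_buffer *buf;
    gnutls_x509_ava_st val;

#ifdef HAVE_NEW_DN_API
    dn = name->dn;
    /* Defensive: the handle is stored by whoever built `name`.  If that
     * lookup failed the handle may be unset, so fall back to the same
     * marker the legacy path uses rather than handing NULL to GnuTLS. */
    if (dn == NULL)
        return ne_strdup(_("[unprintable]"));
#else
    if (name->subject)
        ret = gnutls_x509_crt_get_subject(name->cert, &dn);
    else
        ret = gnutls_x509_crt_get_issuer(name->cert, &dn);

    if (ret)
        return ne_strdup(_("[unprintable]"));
#endif /* HAVE_NEW_DN_API */

    buf = ne_buffer_create();

    /* Count the RDNs: rdn stops at the first index that cannot be read,
     * i.e. one past the last valid RDN. */
    while (gnutls_x509_dn_get_rdn_ava(dn, rdn, 0, &val) == 0)
        rdn++;

    /* ..then iterate back to the first: */
    while (--rdn >= 0) {
        int ava = 0;

        /* Iterate through all AVAs for multivalued AVAs; better than
         * ne_openssl can do! */
        do {
            ret = gnutls_x509_dn_get_rdn_ava(dn, rdn, ava, &val);

            /* If the *only* attribute to append is the common name or
             * email address, use it; otherwise skip those
             * attributes.  buf->used == 1 is the "nothing appended yet"
             * state this function tests for. */
            if (ret == 0 && val.value.size > 0
                && ((!CMPOID(&val, OID_emailAddress)
                     && !CMPOID(&val, OID_commonName))
                    || (buf->used == 1 && rdn == 0))) {
                if (buf->used > 1)
                    ne_buffer_append(buf, ", ", 2);

                append_dirstring(buf, &val.value, val.value_tag);
            }

            ava++;
        } while (ret == 0);
    }

    return ne_buffer_finish(buf);
}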
/* Self-test body: import the PEM certificate held in `pem`, obtain its
 * issuer and subject DN handles, and dump each through print_dn() when
 * `debug` is set.  Every GnuTLS call that returns a negative code is
 * reported through fail().
 *
 * NOTE(review): whether fail() returns is not visible here.  If it does,
 * the calls that follow a failed init/import operate on a certificate
 * object that was never set up -- confirm fail() terminates the test. */
void doit (void)
{
  gnutls_x509_crt_t crt;
  gnutls_x509_dn_t dn;
  gnutls_datum_t pem_blob = { (unsigned char*)pem, sizeof (pem) };
  int rc;

  rc = gnutls_global_init ();
  if (rc < 0)
    {
      fail ("init %d\n", rc);
    }

  rc = gnutls_x509_crt_init (&crt);
  if (rc < 0)
    {
      fail ("crt_init %d\n", rc);
    }

  rc = gnutls_x509_crt_import (crt, &pem_blob, GNUTLS_X509_FMT_PEM);
  if (rc < 0)
    {
      fail ("crt_import %d\n", rc);
    }

  /* Issuer first; the same handle variable is reused for the subject. */
  rc = gnutls_x509_crt_get_issuer (crt, &dn);
  if (rc < 0)
    {
      fail ("get_issuer %d\n", rc);
    }

  if (debug)
    {
      printf ("Issuer:\n");
      print_dn (dn);
    }

  rc = gnutls_x509_crt_get_subject (crt, &dn);
  if (rc < 0)
    {
      fail ("get_subject %d\n", rc);
    }

  if (debug)
    {
      printf ("Subject:\n");
      print_dn (dn);
    }

  if (debug)
    {
      success ("done\n");
    }

  /* The DN handle is not released on its own here; only the certificate
   * and the library state are torn down. */
  gnutls_x509_crt_deinit (crt);
  gnutls_global_deinit ();
}
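/* Populate an ne_ssl_certificate structure from an X509 object.  Note
 * that x5 is owned by the returned cert object and must not be
 * otherwise freed by the caller.
 *
 * With HAVE_NEW_DN_API the subject and issuer DN handles are fetched
 * once and cached in the structure; otherwise the DN wrappers only
 * record the certificate and which of the two names they refer to.
 *
 * If a DN lookup fails, the cached handle is set to NULL so that it is
 * never left holding an indeterminate value.  Code that consumes the
 * handles should treat NULL as "name unavailable" -- verify the
 * consumers do so.
 *
 * Returns the cert pointer that was passed in. */
static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert,
                                         gnutls_x509_crt x5)
{
#ifdef HAVE_NEW_DN_API
    /* Do not ignore the result: a failed lookup must not leave a stale
     * or uninitialised handle behind for later DN rendering. */
    if (gnutls_x509_crt_get_subject(x5, &cert->subj_dn.dn) != 0)
        cert->subj_dn.dn = NULL;
    if (gnutls_x509_crt_get_issuer(x5, &cert->issuer_dn.dn) != 0)
        cert->issuer_dn.dn = NULL;
#else
    cert->subj_dn.cert = x5;
    cert->subj_dn.subject = 1;
    cert->issuer_dn.cert = x5;
    cert->issuer_dn.subject = 0;
#endif
    cert->issuer = NULL;
    cert->subject = x5;
    cert->identity = NULL;
    /* The return value is not examined; identity stays NULL unless
     * check_identity() stores something through the out-pointer. */
    check_identity(NULL, x5, &cert->identity);
    return cert;
}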
/* Self-test body: import the PEM certificate held in `pem`, fetch its
 * issuer and subject DN handles, and check the string form of the
 * subject DN produced by gnutls_x509_dn_get_str() and by
 * gnutls_x509_dn_get_str2() with and without GNUTLS_X509_DN_FLAG_COMPAT.
 * The expectations below show the flag-less get_str2() output with the
 * attribute order reversed relative to the other two calls.
 *
 * NOTE(review): the expected-string literals as printed here are shorter
 * than the 44 bytes the size checks require, and they contain an
 * "[email protected]" token.  That looks like e-mail obfuscation applied
 * when this listing was published; restore the literals from the
 * upstream test before relying on these comparisons.
 * NOTE(review): strdn.size is printed with %d; confirm the field's type
 * matches that conversion.
 * NOTE(review): whether fail() returns is not visible here -- if it does,
 * later calls run on state that a failed step never initialised. */
void doit(void)
{
	gnutls_x509_crt_t crt;
	gnutls_x509_dn_t dn;
	gnutls_datum_t text;
	gnutls_datum_t pem_blob = { (unsigned char *) pem, sizeof(pem) };
	int rc;

	rc = global_init();
	if (rc < 0) {
		fail("init %d\n", rc);
	}

	rc = gnutls_x509_crt_init(&crt);
	if (rc < 0) {
		fail("crt_init %d\n", rc);
	}

	rc = gnutls_x509_crt_import(crt, &pem_blob, GNUTLS_X509_FMT_PEM);
	if (rc < 0) {
		fail("crt_import %d\n", rc);
	}

	rc = gnutls_x509_crt_get_issuer(crt, &dn);
	if (rc < 0) {
		fail("get_issuer %d\n", rc);
	}

	if (debug) {
		printf("Issuer:\n");
		print_dn(dn);
	}

	/* From here on the handle refers to the subject DN. */
	rc = gnutls_x509_crt_get_subject(crt, &dn);
	if (rc < 0) {
		fail("get_subject %d\n", rc);
	}

	/* test the original function behavior */
	rc = gnutls_x509_dn_get_str(dn, &text);
	if (rc < 0) {
		fail("gnutls_x509_dn_get_str %d\n", rc);
	}

	/* Length is checked first, so strcmp() only runs on a 44-byte result. */
	if (!(text.size == 44 &&
	      strcmp((char*)text.data, "CN=CAcert WoT User,[email protected]") == 0)) {
		fail("gnutls_x509_dn_get_str string comparison failed: '%s'/%d\n", text.data, text.size);
	}
	gnutls_free(text.data);

	/* test the new function behavior */
	rc = gnutls_x509_dn_get_str2(dn, &text, 0);
	if (rc < 0) {
		fail("gnutls_x509_dn_get_str2 %d\n", rc);
	}

	if (!(text.size == 44 &&
	      strcmp((char*)text.data, "[email protected],CN=CAcert WoT User") == 0)) {
		fail("gnutls_x509_dn_get_str2 string comparison failed: '%s'/%d\n", text.data, text.size);
	}
	gnutls_free(text.data);

	/* test the new/compat function behavior */
	rc = gnutls_x509_dn_get_str2(dn, &text, GNUTLS_X509_DN_FLAG_COMPAT);
	if (rc < 0) {
		fail("gnutls_x509_dn_get_str2 %d\n", rc);
	}

	if (!(text.size == 44 &&
	      strcmp((char*)text.data, "CN=CAcert WoT User,[email protected]") == 0)) {
		fail("gnutls_x509_dn_get_str2 string comparison failed: '%s'/%d\n", text.data, text.size);
	}
	gnutls_free(text.data);

	if (debug) {
		printf("Subject:\n");
		print_dn(dn);
	}

	if (debug) {
		success("done\n");
	}

	/* Each string buffer was released right after its check; only the
	 * certificate and the library state remain to be torn down. */
	gnutls_x509_crt_deinit(crt);
	gnutls_global_deinit();
}