/*
* Save X509 fields to environment, using the naming convention:
*
* X509_{cert_depth}_{name}={value}
*/
void
x509_setenv (struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert)
{
int i, n;
int fn_nid;
ASN1_OBJECT *fn;
ASN1_STRING *val;
X509_NAME_ENTRY *ent;
const char *objbuf;
unsigned char *buf;
char *name_expand;
size_t name_expand_size;
X509_NAME *x509 = X509_get_subject_name (peer_cert);
n = X509_NAME_entry_count (x509);
for (i = 0; i < n; ++i)
{
ent = X509_NAME_get_entry (x509, i);
if (!ent)
continue;
fn = X509_NAME_ENTRY_get_object (ent);
if (!fn)
continue;
val = X509_NAME_ENTRY_get_data (ent);
if (!val)
continue;
fn_nid = OBJ_obj2nid (fn);
if (fn_nid == NID_undef)
continue;
objbuf = OBJ_nid2sn (fn_nid);
if (!objbuf)
continue;
buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
if (ASN1_STRING_to_UTF8 (&buf, val) <= 0)
continue;
name_expand_size = 64 + strlen (objbuf);
name_expand = (char *) malloc (name_expand_size);
check_malloc_return (name_expand);
openvpn_snprintf (name_expand, name_expand_size, "X509_%d_%s", cert_depth,
objbuf);
string_mod (name_expand, CC_PRINT, CC_CRLF, '_');
string_mod ((char*)buf, CC_PRINT, CC_CRLF, '_');
setenv_str (es, name_expand, (char*)buf);
free (name_expand);
OPENSSL_free (buf);
}
}
int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
char *buf, int len)
{
int i;
ASN1_STRING *data;
i = X509_NAME_get_index_by_OBJ(name, obj, -1);
if (i < 0)
return (-1);
data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
i = (data->length > (len - 1)) ? (len - 1) : data->length;
if (buf == NULL)
return (data->length);
OPENSSL_memcpy(buf, data->data, i);
buf[i] = '\0';
return (i);
}
//int EstEID_loadCertEntries(EstEID_Map cert, char *prefix, X509_NAME *x509Name) {
int EstEID_loadCertEntries(EstEID_Map cert, char *prefix, struct X509_name_st *x509Name) {
// todo: error handling of all openssl functions
unsigned int count = X509_NAME_entry_count(x509Name);
for (unsigned int i = 0; i < count; i++) {
X509_NAME_ENTRY *entry = X509_NAME_get_entry(x509Name, i);
char name[1024];
strcpy(name, prefix);
OBJ_obj2txt(name + strlen(prefix), sizeof(name) - strlen(prefix), entry->object, 0);
char *value;
ASN1_STRING_to_UTF8((unsigned char **)&value, entry->value);
EstEID_mapPutNoAlloc(cert, strdup(name), value);
}
return SUCCESS;
}
/*
* Equivalent of X509_NAME_oneline that respects encoding
*
* This function converts X509_NAME structure to the text variable
* converting all textual data into current database encoding.
*
* Parameter: X509_NAME *name X509_NAME structure to be converted
*
* Returns: text datum which contains string representation of
* X509_NAME
*/
datum_t
X509_NAME_to_text(X509_NAME *name)
{
BIO *membuf = BIO_new(BIO_s_mem());
int i,
nid,
count = X509_NAME_entry_count(name);
X509_NAME_ENTRY *e;
ASN1_STRING *v;
const char *field_name;
size_t size;
char nullterm;
char *sp;
char *dp;
text *result;
(void) BIO_set_close(membuf, BIO_CLOSE);
for (i = 0; i < count; i++)
{
e = X509_NAME_get_entry(name, i);
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
v = X509_NAME_ENTRY_get_data(e);
field_name = OBJ_nid2sn(nid);
if (!field_name)
field_name = OBJ_nid2ln(nid);
BIO_printf(membuf, "/%s=", field_name);
ASN1_STRING_print_ex(membuf, v,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
}
/* ensure null termination of the BIO's content */
nullterm = '\0';
BIO_write(membuf, &nullterm, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = (char *) pg_do_encoding_conversion((unsigned char *) sp,
size - 1,
PG_UTF8,
get_db_encoding());
result = cstring_to_text(dp);
if (dp != sp)
pfree(dp);
BIO_free(membuf);
RET_TEXT_P(result);
}
static void CheckDN(X509_NAME *dn)
{
for (int i = 0; i < X509_NAME_entry_count(dn); i++)
{
X509_NAME_ENTRY *ne = X509_NAME_get_entry(dn, i);
ASN1_STRING *data = X509_NAME_ENTRY_get_data(ne);
if (data->type != V_ASN1_SEQUENCE)
{
CheckNameEntryValid(ne);
}
else
{
/* TODO: It's a sequence, we should go over it's members */
SetInfo(INF_STRING_NOT_CHECKED);
}
}
}
/*
* 这个类呢,是用来实现和 JACK 实现的那个 AVROUTER 对接的。也就是 JACK 版本的 AV NETWORK SERVICE PROVIDER
*/
void avjackif::set_pki(boost::shared_ptr<RSA> _key, boost::shared_ptr<X509> cert)
{
_rsa = _key;
_x509 = cert;
unsigned char * CN = NULL;
auto cert_name = X509_get_subject_name(cert.get());
auto cert_entry = X509_NAME_get_entry(cert_name,
X509_NAME_get_index_by_NID(cert_name, NID_commonName, 0)
);
ASN1_STRING *entryData = X509_NAME_ENTRY_get_data( cert_entry );
auto strlengh = ASN1_STRING_to_UTF8(&CN, entryData);
printf("%s\n",CN);
std::string commonname((char*)CN, strlengh);
m_local_addr.reset(new proto::avAddress(av_address_from_string(commonname)));
OPENSSL_free(CN);
}
/*
* Convert an X509 subject name to a cstring.
*
*/
static char *
X509_NAME_to_cstring(X509_NAME *name)
{
BIO *membuf = BIO_new(BIO_s_mem());
int i,
nid,
count = X509_NAME_entry_count(name);
X509_NAME_ENTRY *e;
ASN1_STRING *v;
const char *field_name;
size_t size;
char nullterm;
char *sp;
char *dp;
char *result;
(void) BIO_set_close(membuf, BIO_CLOSE);
for (i = 0; i < count; i++)
{
e = X509_NAME_get_entry(name, i);
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
v = X509_NAME_ENTRY_get_data(e);
field_name = OBJ_nid2sn(nid);
if (!field_name)
field_name = OBJ_nid2ln(nid);
BIO_printf(membuf, "/%s=", field_name);
ASN1_STRING_print_ex(membuf, v,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
}
/* ensure null termination of the BIO's content */
nullterm = '\0';
BIO_write(membuf, &nullterm, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = pg_any_to_server(sp, size - 1, PG_UTF8);
result = pstrdup(dp);
if (dp != sp)
pfree(dp);
BIO_free(membuf);
return result;
}
static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname,
const char *var)
{
const char *ptr;
char *result;
X509_NAME_ENTRY *xsne;
int i, j, n, idx = 0, raw = 0;
apr_size_t varlen;
ptr = ap_strrchr_c(var, '_');
if (ptr && ptr > var && strcmp(ptr + 1, "RAW") == 0) {
var = apr_pstrmemdup(p, var, ptr - var);
raw = 1;
}
/* if an _N suffix is used, find the Nth attribute of given name */
ptr = ap_strchr_c(var, '_');
if (ptr != NULL && strspn(ptr + 1, "0123456789") == strlen(ptr + 1)) {
idx = atoi(ptr + 1);
varlen = ptr - var;
} else {
varlen = strlen(var);
}
result = NULL;
for (i = 0; ssl_var_lookup_ssl_cert_dn_rec[i].name != NULL; i++) {
if (strEQn(var, ssl_var_lookup_ssl_cert_dn_rec[i].name, varlen)
&& strlen(ssl_var_lookup_ssl_cert_dn_rec[i].name) == varlen) {
for (j = 0; j < X509_NAME_entry_count(xsname); j++) {
xsne = X509_NAME_get_entry(xsname, j);
n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));
if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) {
result = modssl_X509_NAME_ENTRY_to_string(p, xsne, raw);
break;
}
}
break;
}
}
return result;
}
static PyObject *
crypto_X509Name_get_components(crypto_X509NameObj *self, PyObject *args)
{
int n, i;
X509_NAME *name = self->x509_name;
PyObject *list;
if (!PyArg_ParseTuple(args, ":get_components"))
return NULL;
n = X509_NAME_entry_count(name);
list = PyList_New(n);
for (i = 0; i < n; i++)
{
X509_NAME_ENTRY *ent;
ASN1_OBJECT *fname;
ASN1_STRING *fval;
int nid;
int l;
unsigned char *str;
PyObject *tuple;
ent = X509_NAME_get_entry(name, i);
fname = X509_NAME_ENTRY_get_object(ent);
fval = X509_NAME_ENTRY_get_data(ent);
l = ASN1_STRING_length(fval);
str = ASN1_STRING_data(fval);
nid = OBJ_obj2nid(fname);
/* printf("fname is %s len=%d str=%s\n", OBJ_nid2sn(nid), l, str); */
tuple = PyTuple_New(2);
PyTuple_SetItem(tuple, 0, PyBytes_FromString(OBJ_nid2sn(nid)));
PyTuple_SetItem(tuple, 1, PyBytes_FromStringAndSize((char *)str, l));
PyList_SetItem(list, i, tuple);
}
return list;
}
static char *__apn_ssl_cert_entry_string(X509_NAME *name) {
char subject_entry_buffer[__APN_X509_ENTRY_BUF_SIZE] = {0};
int entry_count = X509_NAME_entry_count(name);
for (int i = 0; i < entry_count; i++) {
X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
ASN1_OBJECT *entry_object = X509_NAME_ENTRY_get_object(entry);
const char *entry_name = OBJ_nid2sn(OBJ_obj2nid(entry_object));
const unsigned char *entry_value = ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry));
apn_strcat(subject_entry_buffer, entry_name, __APN_X509_ENTRY_BUF_SIZE, strlen(entry_name));
apn_strcat(subject_entry_buffer, "=", __APN_X509_ENTRY_BUF_SIZE, 1);
apn_strcat(subject_entry_buffer, (const char *)entry_value, __APN_X509_ENTRY_BUF_SIZE, strlen((const char *)entry_value));
if(i + 1 < entry_count) {
apn_strcat(subject_entry_buffer, ", ", __APN_X509_ENTRY_BUF_SIZE, 2);
}
}
return apn_strndup(subject_entry_buffer, strlen(subject_entry_buffer));
}
/***
get text by given asn1_object or nid
@function get_text
@tparam string|integer|asn1_object identid for asn1_object
@tparam[opt=-1] number lastpos retrieve the next index after lastpos
@treturn string text and followed by lastpos
*/
static int openssl_xname_get_text(lua_State*L)
{
X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
ASN1_OBJECT *obj = openssl_get_asn1object(L, 2, 0);
int lastpos = luaL_optint(L, 3, -1);
X509_NAME_ENTRY *e;
ASN1_STRING *s;
lastpos = X509_NAME_get_index_by_OBJ(xn, obj, lastpos);
ASN1_OBJECT_free(obj);
if (lastpos == -1)
return 0;
e = X509_NAME_get_entry(xn, lastpos);
s = X509_NAME_ENTRY_get_data(e);
lua_pushlstring(L, (const char *)ASN1_STRING_get0_data(s), ASN1_STRING_length(s));
lua_pushinteger(L, lastpos);
return 2;
};
MONO_API int
mono_btls_x509_name_get_entry_oid (MonoBtlsX509Name *name, int index, char *buffer, int size)
{
X509_NAME_ENTRY *entry;
ASN1_OBJECT *obj;
if (index >= X509_NAME_entry_count (name->name))
return 0;
entry = X509_NAME_get_entry (name->name, index);
if (!entry)
return 0;
obj = X509_NAME_ENTRY_get_object (entry);
if (!obj)
return 0;
return OBJ_obj2txt (buffer, size, obj, 1);
}
MONO_API MonoBtlsX509NameEntryType
mono_btls_x509_name_get_entry_type (MonoBtlsX509Name *name, int index)
{
X509_NAME_ENTRY *entry;
ASN1_OBJECT *obj;
if (index >= X509_NAME_entry_count (name->name))
return -1;
entry = X509_NAME_get_entry (name->name, index);
if (!entry)
return -1;
obj = X509_NAME_ENTRY_get_object (entry);
if (!obj)
return -1;
return nid2mono (OBJ_obj2nid (obj));
}
static const char *get_cname(X509 *cert)
{
X509_NAME *name;
X509_NAME_ENTRY *entry;
ASN1_STRING *str;
int cn_idx;
name = X509_get_subject_name(cert);
if (name == NULL)
return "";
cn_idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
if (cn_idx == -1)
return "";
entry = X509_NAME_get_entry(name, cn_idx);
i_assert(entry != NULL);
str = X509_NAME_ENTRY_get_data(entry);
i_assert(str != NULL);
return asn1_string_to_c(str);
}
static void openssl_setenv_X509_add_entries(liVRequest *vr, X509 *x509, const gchar *prefix, guint prefix_len) {
guint i, j;
GString *k = vr->wrk->tmp_str;
X509_NAME *xn = X509_get_subject_name(x509);
X509_NAME_ENTRY *xe;
const char * xobjsn;
g_string_truncate(k, 0);
g_string_append_len(k, prefix, prefix_len);
for (i = 0, j = X509_NAME_entry_count(xn); i < j; ++i) {
if (!(xe = X509_NAME_get_entry(xn, i))
|| !(xobjsn = OBJ_nid2sn(OBJ_obj2nid((ASN1_OBJECT*)X509_NAME_ENTRY_get_object(xe)))))
continue;
g_string_truncate(k, prefix_len);
g_string_append(k, xobjsn);
li_environment_set(&vr->env, GSTR_LEN(k), (const gchar *)xe->value->data, xe->value->length);
}
}
static int
GetCommonNameFromCertificate__(X509 *cert, char *name, size_t len)
{
X509_NAME *subject;
X509_NAME_ENTRY *entry;
int count, i;
if ((subject = X509_get_subject_name(cert)) == NULL)
return -1;
count = X509_NAME_entry_count(subject);
for (i = 0; i < count; i++){
if ((entry = X509_NAME_get_entry(subject, i)) == NULL) break;
if (OBJ_obj2nid(entry->object) != NID_commonName) continue;
if (name != NULL && len > 0)
snprintf(name, len, "%s", entry->value->data);
return entry->value->length;
}
return -1;
}
// generate an LLSD from a certificate name (issuer or subject name).
// the name will be strings indexed by the 'long form'
LLSD cert_name_from_X509_NAME(X509_NAME* name)
{
LLSD result = LLSD::emptyMap();
int name_entries = X509_NAME_entry_count(name);
for (int entry_index=0; entry_index < name_entries; entry_index++)
{
char buffer[32];
X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index);
std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)),
M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry);
OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0);
std::string obj_buffer_str = std::string(buffer);
result[obj_buffer_str] = name_value;
}
return result;
}
MONO_API int
mono_btls_x509_name_get_entry_oid_data (MonoBtlsX509Name *name, int index, const void **data)
{
X509_NAME_ENTRY *entry;
ASN1_OBJECT *obj;
if (index >= X509_NAME_entry_count (name->name))
return -1;
entry = X509_NAME_get_entry (name->name, index);
if (!entry)
return -1;
obj = X509_NAME_ENTRY_get_object (entry);
if (!obj)
return -1;
*data = obj->data;
return obj->length;
}
static int openssl_xname_get_text(lua_State*L)
{
X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
int nid = openssl_get_nid(L, 2);
int lastpos = luaL_optint(L, 3, -1);
X509_NAME_ENTRY *e;
ASN1_STRING *s;
if (nid == NID_undef)
return 0;
lastpos = X509_NAME_get_index_by_NID(xn, nid, lastpos);
if (lastpos == -1)
return 0;
e = X509_NAME_get_entry(xn, lastpos);
s = X509_NAME_ENTRY_get_data(e);
lua_pushlstring(L, (const char *)ASN1_STRING_data(s), ASN1_STRING_length(s));
lua_pushinteger(L, lastpos);
return 2;
};
/* * Extract a field from an X509 subject name. * * Example: * * /C=US/ST=CO/L=Denver/O=ORG/CN=First-CN/CN=Test-CA/[email protected] * * The common name is 'Test-CA' * * Return true on success, false on error (insufficient buffer size in 'out' * to contain result is grounds for error). */ static result_t extract_x509_field_ssl (X509_NAME *x509, const char *field_name, char *out, int size) { int lastpos = -1; int tmp = -1; X509_NAME_ENTRY *x509ne = 0; ASN1_STRING *asn1 = 0; unsigned char *buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ int nid = OBJ_txt2nid((char *)field_name); ASSERT (size > 0); *out = '\0'; do { lastpos = tmp; tmp = X509_NAME_get_index_by_NID(x509, nid, lastpos); } while (tmp > -1); /* Nothing found */ if (lastpos == -1) return FAILURE; x509ne = X509_NAME_get_entry(x509, lastpos); if (!x509ne) return FAILURE; asn1 = X509_NAME_ENTRY_get_data(x509ne); if (!asn1) return FAILURE; tmp = ASN1_STRING_to_UTF8(&buf, asn1); if (tmp <= 0) return FAILURE; strncpynt(out, (char *)buf, size); { const result_t ret = (strlen ((char *)buf) < size) ? SUCCESS: FAILURE; OPENSSL_free (buf); return ret; } }
void
output_X509_NAME(X509_NAME *name, gf_io_t pc)
{
int i, c;
char buf[256];
c = X509_NAME_entry_count(name);
for(i=c-1; i>=0; i--){
X509_NAME_ENTRY *e;
e = X509_NAME_get_entry(name,i);
if(!e)
continue;
X509_NAME_get_text_by_OBJ(name, e->object, buf, sizeof(buf));
gf_puts(buf, pc);
gf_puts(NEWLINE, pc);
}
}
bool PeerID::Certificate::checkCommonNames(
const std::function<bool(char const*, std::size_t)> func) const
{
X509_NAME* name = X509_get_subject_name(x509_);
int i = -1;
ASN1_STRING* commonName = 0;
while ((i = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
{
X509_NAME_ENTRY* nameEntry = X509_NAME_get_entry(name, i);
commonName = X509_NAME_ENTRY_get_data(nameEntry);
if (commonName && commonName->data && commonName->length)
{
const char* host = reinterpret_cast<const char*>(commonName->data);
std::size_t len = commonName->length;
if (func(host, len))
return true;
}
}
return false;
}
/* Get the UID field from the certificate subject name.
* The certificate is looked up using the socket of the connection.
*
* Return value: Pointer to the uid string or NULL if not found
*/
char *ssl_getuid(int sock)
{
int idx;
X509 *cert;
X509_NAME *subj;
ASN1_STRING *name;
if (!(cert = ssl_getcert(sock)))
return NULL;
/* Get the subject name */
if (!(subj = X509_get_subject_name(cert)))
return NULL;
/* Get the first UID */
idx = X509_NAME_get_index_by_NID(subj, NID_userId, -1);
if (idx == -1)
return NULL;
name = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subj, idx));
/* Extract the contents, assuming null-terminated ASCII string */
return (char *) ASN1_STRING_data(name);
}
/**
* Tries to find a match for hostname in the certificate's Common Name field.
*
* Returns AMQP_HVR_MATCH_FOUND if a match was found.
* Returns AMQP_HVR_MATCH_NOT_FOUND if no matches were found.
* Returns AMQP_HVR_MALFORMED_CERTIFICATE if the Common Name had a NUL character embedded in it.
* Returns AMQP_HVR_ERROR if the Common Name could not be extracted.
*/
static amqp_hostname_validation_result amqp_matches_common_name(
const char *hostname, const X509 *server_cert) {
int common_name_loc = -1;
X509_NAME_ENTRY *common_name_entry = NULL;
ASN1_STRING *common_name_asn1 = NULL;
char *common_name_str = NULL;
// Find the position of the CN field in the Subject field of the certificate
common_name_loc = X509_NAME_get_index_by_NID(
X509_get_subject_name((X509 *)server_cert), NID_commonName, -1);
if (common_name_loc < 0) {
return AMQP_HVR_ERROR;
}
// Extract the CN field
common_name_entry = X509_NAME_get_entry(
X509_get_subject_name((X509 *)server_cert), common_name_loc);
if (common_name_entry == NULL) {
return AMQP_HVR_ERROR;
}
// Convert the CN field to a C string
common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
if (common_name_asn1 == NULL) {
return AMQP_HVR_ERROR;
}
common_name_str = (char *)ASN1_STRING_data(common_name_asn1);
// Make sure there isn't an embedded NUL character in the CN
if ((size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) {
return AMQP_HVR_MALFORMED_CERTIFICATE;
}
// Compare expected hostname with the CN
if (amqp_hostcheck(common_name_str, hostname) == AMQP_HCR_MATCH) {
return AMQP_HVR_MATCH_FOUND;
} else {
return AMQP_HVR_MATCH_NOT_FOUND;
}
}
/**
* Tries to find a match for hostname in the certificate's Common Name field.
*
* Returns MatchFound if a match was found.
* Returns MatchNotFound if no matches were found.
* Returns MalformedCertificate if the Common Name had a NUL character embedded in it.
* Returns Error if the Common Name could not be extracted.
*/
static HostnameValidationResult matches_common_name(const char *hostname,
const X509 *server_cert) {
int common_name_loc = -1;
X509_NAME_ENTRY *common_name_entry = NULL;
ASN1_STRING *common_name_asn1 = NULL;
char *common_name_str = NULL;
// Find the position of the CN field in the Subject field of the certificate
common_name_loc = X509_NAME_get_index_by_NID(
X509_get_subject_name((X509 *) server_cert), NID_commonName, -1);
if (common_name_loc < 0) {
return Error;
}
// Extract the CN field
common_name_entry = X509_NAME_get_entry(
X509_get_subject_name((X509 *) server_cert), common_name_loc);
if (common_name_entry == NULL) {
return Error;
}
// Convert the CN field to a C string
common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
if (common_name_asn1 == NULL) {
return Error;
}
common_name_str = (char *) ASN1_STRING_data(common_name_asn1);
// Make sure there isn't an embedded NUL character in the CN
if (ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) {
return MalformedCertificate;
}
// Compare expected hostname with the CN
if (hostmatch(hostname, common_name_str) == CURL_HOST_MATCH) {
return MatchFound;
} else {
return MatchNotFound;
}
}
char* crypto_cert_subject_common_name(X509* xcert, int* length)
{
int index;
BYTE* common_name_raw;
char* common_name;
X509_NAME* subject_name;
X509_NAME_ENTRY* entry;
ASN1_STRING* entry_data;
subject_name = X509_get_subject_name(xcert);
if (subject_name == NULL)
return NULL;
index = X509_NAME_get_index_by_NID(subject_name, NID_commonName, -1);
if (index < 0)
return NULL;
entry = X509_NAME_get_entry(subject_name, index);
if (entry == NULL)
return NULL;
entry_data = X509_NAME_ENTRY_get_data(entry);
if (entry_data == NULL)
return NULL;
*length = ASN1_STRING_to_UTF8(&common_name_raw, entry_data);
if (*length < 0)
return NULL;
common_name = _strdup((char*)common_name_raw);
OPENSSL_free(common_name_raw);
return (char*) common_name;
}
static void
x509_print_info (X509 *x509crt)
{
int i, n;
int fn_nid;
ASN1_OBJECT *fn;
ASN1_STRING *val;
X509_NAME *x509_name;
X509_NAME_ENTRY *ent;
const char *objbuf;
unsigned char *buf;
x509_name = X509_get_subject_name (x509crt);
n = X509_NAME_entry_count (x509_name);
for (i = 0; i < n; ++i)
{
ent = X509_NAME_get_entry (x509_name, i);
if (!ent)
continue;
fn = X509_NAME_ENTRY_get_object (ent);
if (!fn)
continue;
val = X509_NAME_ENTRY_get_data (ent);
if (!val)
continue;
fn_nid = OBJ_obj2nid (fn);
if (fn_nid == NID_undef)
continue;
objbuf = OBJ_nid2sn (fn_nid);
if (!objbuf)
continue;
buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
if (ASN1_STRING_to_UTF8 (&buf, val) <= 0)
continue;
printf("X509 %s: %s\n", objbuf, (char *)buf);
OPENSSL_free (buf);
}
}
/*
* Returns specified field of specified X509_NAME structure
*
* Common part of ssl_client_dn and ssl_issuer_dn functions.
*
* Parameter: X509_NAME *name - either subject or issuer of certificate
* Parameter: text fieldName - field name string like 'CN' or commonName
* to be looked up in the OpenSSL ASN1 OID database
*
* Returns result of ASN1_STRING_to_text applied to appropriate
* part of name
*/
datum_t
X509_NAME_field_to_text(X509_NAME *name, text *fieldName)
{
char *string_fieldname;
int nid,
index;
ASN1_STRING *data;
string_fieldname = text_to_cstring(fieldName);
nid = OBJ_txt2nid(string_fieldname);
if (nid == NID_undef)
ereport(ERROR,
(errcode(E_INVALID_PARAMETER_VALUE),
errmsg("invalid X.509 field name: \"%s\"",
string_fieldname)));
pfree(string_fieldname);
index = X509_NAME_get_index_by_NID(name, nid, -1);
if (index < 0)
return (datum_t) 0;
data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, index));
return ASN1_STRING_to_text(data);
}
/**
* Retrive the general names from the object.
*/
static int push_x509_name(lua_State* L, X509_NAME *name)
{
int i;
int n_entries;
ASN1_OBJECT *object;
X509_NAME_ENTRY *entry;
lua_newtable(L);
n_entries = X509_NAME_entry_count(name);
for (i = 0; i < n_entries; i++) {
entry = X509_NAME_get_entry(name, i);
object = X509_NAME_ENTRY_get_object(entry);
lua_newtable(L);
push_asn1_objname(L, object, 1);
lua_setfield(L, -2, "oid");
push_asn1_objname(L, object, 0);
lua_setfield(L, -2, "name");
push_asn1_string(L, X509_NAME_ENTRY_get_data(entry));
lua_setfield(L, -2, "value");
lua_rawseti(L, -2, i+1);
}
return 1;
}
/*
* Return a name string given a X509_NAME object and a name identifier. Used
* by the getattr function.
*
* Arguments: name - The X509_NAME object
* nid - The name identifier
* Returns: The name as a Python string object
*/
static int
get_name_by_nid(X509_NAME *name, int nid, char **utf8string)
{
int entry_idx;
X509_NAME_ENTRY *entry;
ASN1_STRING *data;
int len;
if ((entry_idx = X509_NAME_get_index_by_NID(name, nid, -1)) == -1)
{
return 0;
}
entry = X509_NAME_get_entry(name, entry_idx);
data = X509_NAME_ENTRY_get_data(entry);
if ((len = ASN1_STRING_to_UTF8((unsigned char **)utf8string, data)) < 0)
{
exception_from_error_queue(crypto_Error);
return -1;
}
return len;
}
