Пример #1
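/* Build a human-readable, comma-separated string from the attribute
 * values of the distinguished name NAME.
 *
 * RDNs are emitted from the last one in the DN back to the first, and
 * every AVA of a multi-valued RDN is visited.  commonName and
 * emailAddress values are skipped unless nothing else has been
 * appended by the time the first RDN (index 0) is reached.
 *
 * Returns the finished buffer contents, or a copy of the translated
 * "[unprintable]" string when the DN cannot be fetched from the
 * certificate (old DN API only).  The caller presumably owns the
 * returned string -- confirm against the ne_buffer_finish/ne_strdup
 * contracts.
 *
 * NOTE(review): every value appended here comes out of the
 * certificate, so the result is peer-controlled text.  Whether
 * append_dirstring() filters control characters is not visible in
 * this block; callers that log or display the string should treat it
 * as untrusted, and it should not be used for identity comparison. */
char *ne_ssl_readable_dname(const ne_ssl_dname *name)
{
    gnutls_x509_dn_t dn;
    int ret, rdn = 0;
    ne_buffer *buf;
    gnutls_x509_ava_st val;

#ifdef HAVE_NEW_DN_API
    dn = name->dn;
#else
    if (name->subject)
        ret = gnutls_x509_crt_get_subject(name->cert, &dn);
    else
        ret = gnutls_x509_crt_get_issuer(name->cert, &dn);
    
    if (ret)
        return ne_strdup(_("[unprintable]"));
#endif /* HAVE_NEW_DN_API */

    buf = ne_buffer_create();
    
    /* Count the RDNs: advance only while the lookup succeeds, so rdn
     * ends up as the number of RDNs rather than one past it (the
     * post-increment form cost one extra, always-failing lookup per
     * call in the loop below). */
    while (gnutls_x509_dn_get_rdn_ava(dn, rdn, 0, &val) == 0)
        rdn++;

    /* ..then iterate back to the first: */
    while (--rdn >= 0) {
        int ava = 0;

        /* Iterate through all AVAs for multivalued AVAs; better than
         * ne_openssl can do! */
        do {
            ret = gnutls_x509_dn_get_rdn_ava(dn, rdn, ava, &val);

            /* If the *only* attribute to append is the common name or
             * email address, use it; otherwise skip those
             * attributes.  buf->used == 1 is treated as "nothing
             * appended yet" (used appears to count the terminating
             * NUL -- confirm against ne_buffer). */
            if (ret == 0 && val.value.size > 0
                && ((!CMPOID(&val, OID_emailAddress)
                     && !CMPOID(&val, OID_commonName))
                    || (buf->used == 1 && rdn == 0))) {
                /* Separate from whatever was appended before. */
                if (buf->used > 1) ne_buffer_append(buf, ", ", 2);

                append_dirstring(buf, &val.value, val.value_tag);
            }
            
            ava++;
        } while (ret == 0);
    }

    return ne_buffer_finish(buf);
}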
Пример #2
Файл: dn.c Проект: intgr/gnutls
/* Test body: import the PEM certificate held in `pem`, fetch its
 * issuer and subject DN handles, and print each one through
 * print_dn() when `debug` is set.  Any negative GnuTLS return code
 * is reported via fail().
 *
 * The DN handles are not released separately here; only the
 * certificate and the library are torn down at the end. */
void
doit (void)
{
  gnutls_x509_crt_t crt;
  gnutls_x509_dn_t dn;
  gnutls_datum_t pem_data = { (unsigned char*)pem, sizeof (pem) };
  int rc;

  /* Library and certificate object set-up. */
  rc = gnutls_global_init ();
  if (rc < 0)
    {
      fail ("init %d\n", rc);
    }

  rc = gnutls_x509_crt_init (&crt);
  if (rc < 0)
    {
      fail ("crt_init %d\n", rc);
    }

  rc = gnutls_x509_crt_import (crt, &pem_data, GNUTLS_X509_FMT_PEM);
  if (rc < 0)
    {
      fail ("crt_import %d\n", rc);
    }

  /* Issuer DN. */
  rc = gnutls_x509_crt_get_issuer (crt, &dn);
  if (rc < 0)
    {
      fail ("get_issuer %d\n", rc);
    }

  if (debug)
    {
      printf ("Issuer:\n");
      print_dn (dn);
    }

  /* Subject DN; the same handle variable is reused. */
  rc = gnutls_x509_crt_get_subject (crt, &dn);
  if (rc < 0)
    {
      fail ("get_subject %d\n", rc);
    }

  if (debug)
    {
      printf ("Subject:\n");
      print_dn (dn);
    }

  if (debug)
    {
      success ("done\n");
    }

  /* Tear-down, in reverse order of set-up. */
  gnutls_x509_crt_deinit (crt);
  gnutls_global_deinit ();
}
Пример #3
/* Fill in the ne_ssl_certificate CERT from the X509 object X5 and
 * return CERT.  X5 is stored in the certificate and is owned by it
 * from then on; the caller must not free it separately.
 *
 * NOTE(review): with HAVE_NEW_DN_API the return values of
 * gnutls_x509_crt_get_subject() and gnutls_x509_crt_get_issuer() are
 * discarded, so a failure is not detected here and the DN handles
 * keep whatever they held before the call; code that later reads
 * them has no way to tell.  The result of check_identity() is
 * likewise ignored; only cert->identity is kept. */
static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert,
                                         gnutls_x509_crt x5)
{
    /* Plain bookkeeping first: the cert keeps x5, no issuer is linked. */
    cert->subject = x5;
    cert->issuer = NULL;

#ifdef HAVE_NEW_DN_API
    /* New API: fetch the DN handles once, up front. */
    gnutls_x509_crt_get_subject(x5, &cert->subj_dn.dn);
    gnutls_x509_crt_get_issuer(x5, &cert->issuer_dn.dn);
#else
    /* Old API: remember the cert and which DN to fetch on demand. */
    cert->issuer_dn.cert = x5;
    cert->issuer_dn.subject = 0;
    cert->subj_dn.cert = x5;
    cert->subj_dn.subject = 1;
#endif

    /* Start from NULL so the field is well defined whatever
     * check_identity() does with it. */
    cert->identity = NULL;
    check_identity(NULL, x5, &cert->identity);

    return cert;
}
Пример #4
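/*
 * Test body: import the PEM certificate held in `pem`, fetch its issuer
 * and subject DN handles, and check the string form of the subject DN
 * as produced by gnutls_x509_dn_get_str(), gnutls_x509_dn_get_str2()
 * with no flags, and gnutls_x509_dn_get_str2() with
 * GNUTLS_X509_DN_FLAG_COMPAT.  Any negative return code or mismatch is
 * reported through fail().
 *
 * NOTE(review): the expected strings below contain "[email protected]",
 * which looks like an e-mail obfuscation artefact of the page this
 * listing was copied from.  As printed the literals are 36 characters
 * long while the size check demands 44, so the comparisons cannot pass;
 * restore the literals from the upstream test before using this.
 */
void doit(void)
{
	int ret;
	gnutls_datum_t pem_cert = { (unsigned char *) pem, sizeof(pem) };
	gnutls_x509_crt_t cert;
	gnutls_datum_t strdn;
	gnutls_x509_dn_t xdn;

	ret = global_init();
	if (ret < 0)
		fail("init %d\n", ret);

	ret = gnutls_x509_crt_init(&cert);
	if (ret < 0)
		fail("crt_init %d\n", ret);

	ret = gnutls_x509_crt_import(cert, &pem_cert, GNUTLS_X509_FMT_PEM);
	if (ret < 0)
		fail("crt_import %d\n", ret);

	ret = gnutls_x509_crt_get_issuer(cert, &xdn);
	if (ret < 0)
		fail("get_issuer %d\n", ret);

	if (debug) {
		printf("Issuer:\n");
		print_dn(xdn);
	}

	/* xdn is reused: from here on it refers to the subject DN. */
	ret = gnutls_x509_crt_get_subject(cert, &xdn);
	if (ret < 0)
		fail("get_subject %d\n", ret);

	/* test the original function behavior */
	ret = gnutls_x509_dn_get_str(xdn, &strdn);
	if (ret < 0)
		fail("gnutls_x509_dn_get_str %d\n", ret);

	/* strdn.size is unsigned, so it is printed with %u rather than %d. */
	if (strdn.size != 44 || strcmp((char*)strdn.data, "CN=CAcert WoT User,[email protected]") != 0) {
		fail("gnutls_x509_dn_get_str string comparison failed: '%s'/%u\n", strdn.data, strdn.size);
	}
	/* Each successful get_str call hands back a buffer we must free. */
	gnutls_free(strdn.data);

	/* test the new function behavior */
	ret = gnutls_x509_dn_get_str2(xdn, &strdn, 0);
	if (ret < 0)
		fail("gnutls_x509_dn_get_str2 %d\n", ret);
	if (strdn.size != 44 || strcmp((char*)strdn.data, "[email protected],CN=CAcert WoT User") != 0) {
		fail("gnutls_x509_dn_get_str2 string comparison failed: '%s'/%u\n", strdn.data, strdn.size);
	}
	gnutls_free(strdn.data);

	/* test the new/compat function behavior: the expected text is the
	 * same as for gnutls_x509_dn_get_str() above */
	ret = gnutls_x509_dn_get_str2(xdn, &strdn, GNUTLS_X509_DN_FLAG_COMPAT);
	if (ret < 0)
		fail("gnutls_x509_dn_get_str2 %d\n", ret);
	if (strdn.size != 44 || strcmp((char*)strdn.data, "CN=CAcert WoT User,[email protected]") != 0) {
		fail("gnutls_x509_dn_get_str2 string comparison failed: '%s'/%u\n", strdn.data, strdn.size);
	}
	gnutls_free(strdn.data);

	if (debug) {
		printf("Subject:\n");
		print_dn(xdn);
	}

	if (debug)
		success("done\n");

	/* xdn is not released on its own; only the certificate and the
	 * library are torn down. */
	gnutls_x509_crt_deinit(cert);
	gnutls_global_deinit();
}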