when keeping peer cert, alt names were getting lost for the peer name check

2025-07-31 11:17:29 +02:00 · 2015-04-01 15:36:55 -07:00
parent afbd517838
commit 50e829ea79
3 changed files with 8 additions and 4 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -3817,9 +3817,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
        x509->derCert.length = dCert->maxIdx;
    }

-    x509->altNames     = dCert->altNames;
-    dCert->altNames    = NULL;     /* takes ownership */
-    x509->altNamesNext = x509->altNames;  /* index hint */
+    x509->altNames       = dCert->altNames;
+    dCert->weOwnAltNames = 0;
+    x509->altNamesNext   = x509->altNames;  /* index hint */

    x509->isCa = dCert->isCA;
 #ifdef OPENSSL_EXTRA
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -1425,6 +1425,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
    cert->subjectCNLen    = 0;
    cert->subjectCNEnc    = CTC_UTF8;
    cert->subjectCNStored = 0;
+    cert->weOwnAltNames   = 0;
    cert->altNames        = NULL;
 #ifndef IGNORE_NAME_CONSTRAINTS
    cert->altEmailNames   = NULL;
@ -1563,7 +1564,7 @@ void FreeDecodedCert(DecodedCert* cert)
        XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
    if (cert->pubKeyStored == 1)
        XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if (cert->altNames)
+    if (cert->weOwnAltNames && cert->altNames)
        FreeAltNames(cert->altNames, cert->heap);
 #ifndef IGNORE_NAME_CONSTRAINTS
    if (cert->altEmailNames)
@ -3416,6 +3417,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
        return ASN_PARSE_E;
    }

+    cert->weOwnAltNames = 1;
+
    while (length > 0) {
        byte       b = input[idx++];

--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@ -387,6 +387,7 @@ struct DecodedCert {
    byte    extNameConstraintSet;
 #endif /* IGNORE_NAME_CONSTRAINTS */
    byte    isCA;                    /* CA basic constraint true         */
+    byte    weOwnAltNames;           /* altNames haven't been given to copy */
    byte    extKeyUsageSet;
    word16  extKeyUsage;             /* Key usage bitfield               */
    byte    extExtKeyUsageSet;       /* Extended Key Usage               */