wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

when keeping peer cert, alt names were getting lost for the peer name check

Browse Source
This commit is contained in:
John Safranek
2015-04-01 15:36:55 -07:00
parent afbd517838
commit 50e829ea79
3 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/internal.c
View File

@@ -3817,9 +3817,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->derCert.length = dCert->maxIdx; x509->derCert.length = dCert->maxIdx;
} }
x509->altNames = dCert->altNames; x509->altNames = dCert->altNames;
dCert->altNames = NULL; /* takes ownership */ dCert->weOwnAltNames = 0;
x509->altNamesNext = x509->altNames; /* index hint */ x509->altNamesNext = x509->altNames; /* index hint */
x509->isCa = dCert->isCA; x509->isCa = dCert->isCA;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA

5
wolfcrypt/src/asn.c
View File

@@ -1425,6 +1425,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->subjectCNLen = 0; cert->subjectCNLen = 0;
cert->subjectCNEnc = CTC_UTF8; cert->subjectCNEnc = CTC_UTF8;
cert->subjectCNStored = 0; cert->subjectCNStored = 0;
cert->weOwnAltNames = 0;
cert->altNames = NULL; cert->altNames = NULL;
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
cert->altEmailNames = NULL; cert->altEmailNames = NULL;
@@ -1563,7 +1564,7 @@ void FreeDecodedCert(DecodedCert* cert)
XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN); XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
if (cert->pubKeyStored == 1) if (cert->pubKeyStored == 1)
XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (cert->altNames) if (cert->weOwnAltNames && cert->altNames)
FreeAltNames(cert->altNames, cert->heap); FreeAltNames(cert->altNames, cert->heap);
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
if (cert->altEmailNames) if (cert->altEmailNames)
@@ -3416,6 +3417,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
return ASN_PARSE_E; return ASN_PARSE_E;
} }
cert->weOwnAltNames = 1;
while (length > 0) { while (length > 0) {
byte b = input[idx++]; byte b = input[idx++];

1
wolfssl/wolfcrypt/asn.h
View File

@@ -387,6 +387,7 @@ struct DecodedCert {
byte extNameConstraintSet; byte extNameConstraintSet;
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
byte isCA; /* CA basic constraint true */ byte isCA; /* CA basic constraint true */
byte weOwnAltNames; /* altNames haven't been given to copy */
byte extKeyUsageSet; byte extKeyUsageSet;
word16 extKeyUsage; /* Key usage bitfield */ word16 extKeyUsage; /* Key usage bitfield */
byte extExtKeyUsageSet; /* Extended Key Usage */ byte extExtKeyUsageSet; /* Extended Key Usage */