Merge pull request #6525 from lealem47/san

Improve subjectAltName extension parsing and printing
2026-01-28 12:12:24 +01:00 · 2023-07-22 08:19:54 -06:00
parent 2acc4a6dd5 318c95a2c2
commit d3202600a4
5 changed files with 253 additions and 11 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -24918,7 +24918,9 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {

    /* oidCertNameType */
    { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"},
+#if !defined(WOLFSSL_CERT_REQ)
    { NID_surname, NID_surname, oidCertNameType, "SN", "surname"},
+#endif
    { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber",
                                                            "serialNumber"},
    { NID_userId, NID_userId, oidCertNameType, "UID", "userid"},
@@ -33109,6 +33111,24 @@ word32 nid2oid(int nid, int grp)
            }
            break;

+        /* oidCmsKeyAgreeType */
+    #ifdef WOLFSSL_CERT_REQ
+        case oidCsrAttrType:
+            switch (nid) {
+                case NID_pkcs9_contentType:
+                    return PKCS9_CONTENT_TYPE_OID;
+                case NID_pkcs9_challengePassword:
+                    return CHALLENGE_PASSWORD_OID;
+                case NID_serialNumber:
+                    return SERIAL_NUMBER_OID;
+                case NID_userId:
+                    return USER_ID_OID;
+                case NID_surname:
+                    return SURNAME_OID;
+            }
+            break;
+    #endif
+
        default:
            WOLFSSL_MSG("NID not in table");
            /* MSVC warns without the cast */
@@ -33487,7 +33507,7 @@ int oid2nid(word32 oid, int grp)
 #endif

        default:
-            WOLFSSL_MSG("NID not in table");
+            WOLFSSL_MSG("OID not in table");
    }
    /* If not found in above switch then try the table */
    for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) {
--- a/src/x509.c
+++ b/src/x509.c
@@ -5866,11 +5866,21 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
                else if (entry->type == ASN_URI_TYPE) {
                    len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s",
                        entry->name);
+                     if (len >= MAX_WIDTH) {
+                        ret = WOLFSSL_FAILURE;
+                        break;
+                    }
+                }
+            #if defined(OPENSSL_ALL)
+                else if (entry->type == ASN_RID_TYPE) {
+                    len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
+                        entry->ridString);
                    if (len >= MAX_WIDTH) {
                        ret = WOLFSSL_FAILURE;
                        break;
                    }
                }
+            #endif
                else if (entry->type == ASN_OTHER_TYPE) {
                    len = XSNPRINTF(scratch, MAX_WIDTH,
                        "othername <unsupported>");