authorDmitry Baryshkov <dbaryshkov@gmail.com>2020-05-18 00:13:34 +0300
committerDmitry Baryshkov <dbaryshkov@gmail.com>2020-05-18 09:27:04 +0300
commita79c1b931c116bdda2559d31b14a509e16a8fd93 (patch)
treea78c7df3fac4bdfacdbf8a1e9c6ac66f7176b970
parenta9f907be146be0df2cc756c19543ec1d10ccdef9 (diff)
x509: support commonName extension
Add support for Common Name certificate extension. Fixes #989 Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
-rw-r--r--lib/x509/output.c16
-rw-r--r--tests/cert-tests/Makefile.am2
-rwxr-xr-xtests/cert-tests/certtool12
-rw-r--r--tests/cert-tests/data/commonName.cer52
4 files changed, 81 insertions, 1 deletions
diff --git a/lib/x509/output.c b/lib/x509/output.c
index c8b0c66ddb..64cfade64d 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1259,6 +1259,22 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix,
critical ? _("critical") : _("not critical"));
print_issuer_sign_tool(str, prefix, der);
+ } else if (strcmp(oid, "2.5.4.3") == 0) {
+ int ret;
+ gnutls_datum_t tmp = {NULL, 0};
+
+ addf(str, _("%s\t\tCommon Name (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ ret = _gnutls_x509_decode_string(ASN1_ETYPE_PRINTABLE_STRING, der->data, der->size, &tmp, 0);
+ if (ret < 0) {
+ addf(str, "error: x509_decode_string: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ addf(str, "%s\t\t\t%s\n", prefix, tmp.data);
+ gnutls_free(tmp.data);
+ }
} else {
addf(str, _("%s\t\tUnknown extension %s (%s):\n"),
prefix, oid,
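Review bot: The decoded Common Name is certificate-controlled data, and `addf(str, "%s\t\t\t%s\n", prefix, tmp.data);` prints it as a C string without consulting `tmp.size`. That is only sound if `_gnutls_x509_decode_string` always NUL-terminates its output and rejects embedded NULs, and neither that nor enforcement of the PrintableString alphabet is visible in this hunk, so control characters could presumably reach the terminal of whoever inspects an untrusted certificate. I would state the reliance in a comment above the call, e.g. `/* value comes from the certificate; relies on decode_string NUL-terminating and rejecting embedded NULs */`, and confirm that an empty string cannot leave `tmp.data` NULL before it reaches `%s`. Because the type is fixed to `ASN1_ETYPE_PRINTABLE_STRING`, a value encoded as another string type will presumably land in the error branch, which is worth a one-line comment too. print_extension starts and ends outside the hunk.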
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 87d9314363..17886ef7c5 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -101,7 +101,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data/cert-with-non-digits-time-ca.pem data/cert-with-non-digits-time.pem \
data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem \
templates/template-no-ca-honor.tmpl templates/template-no-ca-explicit.tmpl \
- data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem
+ data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem data/commonName.cer
dist_check_SCRIPTS = pathlen aki invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool
index e604634678..3494aaacbe 100755
--- a/tests/cert-tests/certtool
+++ b/tests/cert-tests/certtool
@@ -153,6 +153,18 @@ if test $? = 0;then
exit 1
fi
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/commonName.cer" | grep -v "Not After:" > ${TMPFILE1}
+if test $? != 0;then
+ echo "commonName cert output failed"
+ exit 1
+fi
+
+${DIFF} "${srcdir}/data/commonName.cer" ${TMPFILE1}
+if test $? != 0;then
+ exit 1
+fi
+
+
rm -f ${TMPFILE1} ${TMPFILE2}
export TZ="UTC"
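Review bot: The `test $? != 0` after the pipeline sees only the exit status of `grep -v`, so a certtool crash or a valgrind-reported memory error while parsing commonName.cer is not caught by that check. Since this test exists to exercise a new decoding path, run certtool into a file first and test its own status, e.g. `${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/commonName.cer" > ${TMPFILE2}` followed by the `$?` check, then `grep -v "Not After:" ${TMPFILE2} > ${TMPFILE1}`. The `${DIFF}` failure path also exits without a message, unlike the check above it; an `echo` naming the mismatch would make a failing run easier to read.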
diff --git a/tests/cert-tests/data/commonName.cer b/tests/cert-tests/data/commonName.cer
new file mode 100644
index 0000000000..91d02fdd85
--- /dev/null
+++ b/tests/cert-tests/data/commonName.cer
@@ -0,0 +1,52 @@
+X.509 Certificate Information:
+ Version: 3
+ Serial Number (hex): 06376c00aa00648a11cfb8d4aa5c35f4
+ Issuer: CN=Root Agency
+ Validity:
+ Not Before: Tue May 28 22:02:59 UTC 1996
+ Subject: CN=Root Agency
+ Subject Public Key Algorithm: RSA
+ Algorithm Security Level: Export (512 bits)
+ Modulus (bits 512):
+ 00:81:55:22:b9:8a:a4:6f:ed:d6:e7:d9:66:0f:55:bc
+ d7:cd:d5:bc:4e:40:02:21:a2:b1:f7:87:30:85:5e:d2
+ f2:44:b9:dc:9b:75:b6:fb:46:5f:42:b6:9d:23:36:0b
+ de:54:0f:cd:bd:1f:99:2a:10:58:11:cb:40:cb:b5:a7
+ 41
+ Exponent (bits 24):
+ 01:00:01
+ Extensions:
+ Common Name (not critical):
+ For Testing Purposes Only Sample Software Publishing Credentials Agency
+ Unknown extension 2.5.29.1 (not critical):
+ ASCII: 0>.....-...O..a!..dc..0.1.0...U....Root Agency...7l...d......\5.
+ Hexdump: 303e801012e4092d061d1d4f008d6121dc166463a1183016311430120603550403130b526f6f74204167656e6379821006376c00aa00648a11cfb8d4aa5c35f4
+ Signature Algorithm: RSA-MD5
+warning: signed using a broken signature algorithm that can be forged.
+ Signature:
+ 2d:2e:3e:7b:89:42:89:3f:a8:21:17:fa:f0:f5:c3:95
+ db:62:69:5b:c9:dc:c1:b3:fa:f0:c4:6f:6f:64:9a:bd
+ e7:1b:25:68:72:83:67:bd:56:b0:8d:01:bd:2a:f7:cc
+ 4b:bd:87:a5:ba:87:20:4c:42:11:41:ad:10:17:3b:8c
+Other Information:
+ Fingerprint:
+ sha1:fee449ee0e3965a5246f000e87fde2a065fd89d4
+ sha256:8b13dbb25eb339a630c76c810d14b44b552e68dc10a93e82e754da23f858774a
+ Public Key ID:
+ sha1:38596dac2a46c9002309905e1f02c1fb5df724cd
+ sha256:73a97a992bfd29b91ef23175b367db9c561c516f634f759e3d430230a3d0695c
+ Public Key PIN:
+ pin-sha256:c6l6mSv9Kbke8jF1s2fbnFYcUW9jT3WePUMCMKPQaVw=
+
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----