diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-11-25 10:39:20 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-11-25 10:39:20 +0000 |
commit | 7d0c55d06dba89d026340d48233941dce1b1f395 (patch) | |
tree | 9ac62fcded64d309d4255425df53ad1fbdb79c6a | |
parent | 6cd8239fb1234a3e5f685fa51f47f0981565dba6 (diff) | |
download | gnutls-7d0c55d06dba89d026340d48233941dce1b1f395.tar.gz |
gnutls_x509_extract_certificate_dn_string() now behaves as described in RFC2253.
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 47 |
2 files changed, 37 insertions, 12 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index c549ccd772..537b0d373b 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -408,7 +408,7 @@ typedef struct { } HANDSHAKE_HEADER_BUFFER; /* Openpgp key retrieval callback */ -typedef int (*gnutls_openpgp_recv_key_func)(gnutls_session, +typedef int (*gnutls_openpgp_recv_key_func)(struct gnutls_session_int*, const unsigned char *keyfpr, unsigned int keyfpr_length, gnutls_datum *); typedef struct { diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 68eb0bab07..754dd21af8 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -2838,6 +2838,29 @@ time_t _gnutls_x509_generalTime2gtime(char *ttime) } +static char* str_escape( char* str, char* buffer, unsigned int buffer_size) +{ +int str_length, j, i; + + if (str==NULL || buffer == NULL) return NULL; + + str_length = GMIN( strlen( str), buffer_size - 1); + + for (i=j=0;i<str_length;i++) { + if (str[i]==',' || str[i] == '+' || str[i] == '"' + || str[i] == '\\' || str[i] == '<' || str[i] == '>' + || str[i] == ';') + buffer[j++] = '\\'; + + buffer[j++] = str[i]; + } + + /* null terminate the string */ + buffer[j] = 0; + + return buffer; +} + /** * gnutls_x509_extract_certificate_dn_string - This function returns the certificate's distinguished name * @cert: should contain an X.509 DER encoded certificate @@ -2846,7 +2869,7 @@ time_t _gnutls_x509_generalTime2gtime(char *ttime) * @issuer: if non zero, then extract the name of the issuer, instead of the holder * * This function will copy the name of the certificate holder in the provided buffer. The name - * will be in the form "/C=xxxx/O=yyyy/CN=zzzz". + * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. * * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, * and 0 on success. @@ -2858,6 +2881,7 @@ int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf gnutls_x509_dn dn; gnutls_string str; int ret; + char str_buffer[256]; if (buf == NULL || sizeof_buf == 0) { return GNUTLS_E_INVALID_REQUEST; @@ -2872,12 +2896,12 @@ int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf gnutls_assert(); \ return GNUTLS_E_MEMORY_ERROR; \ } -#define PRINTX( x, y) \ +#define PRINTX( x, y, i) \ if (y[0]!=0) { \ - STR_APPEND( "/"); \ + if (i!=0) STR_APPEND( ","); \ STR_APPEND( x); \ STR_APPEND( "="); \ - STR_APPEND( y); \ + STR_APPEND( str_escape(y, str_buffer, sizeof(str_buffer))); \ } if (!issuer) @@ -2887,13 +2911,14 @@ int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf if (ret < 0) return ret; - PRINTX( "C", dn.country); - PRINTX( "ST", dn.state_or_province_name); - PRINTX( "L", dn.locality_name); - PRINTX( "O", dn.organization); - PRINTX( "OU", dn.organizational_unit_name); - PRINTX( "E", dn.email); - + PRINTX( "CN", dn.common_name, 0); + PRINTX( "E", dn.email, 1); + PRINTX( "OU", dn.organizational_unit_name, 1); + PRINTX( "O", dn.organization, 1); + PRINTX( "L", dn.locality_name, 1); + PRINTX( "ST", dn.state_or_province_name, 1); + PRINTX( "C", dn.country, 1); + if (str.length >= sizeof_buf) { _gnutls_string_clear( &str); return GNUTLS_E_SHORT_MEMORY_BUFFER; |