authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-11-23 10:53:23 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-11-25 12:03:37 +0100
commitd75ccdc794e16f0d155f9b854fa58868b7de1f51 (patch)
tree7fb8ce4bc1a6852fcd32e91e04baa80440ba2079
parent7dc44ad71e3e3c50140b1d6c3ce5c473268b7abd (diff)
downloadgnutls-d75ccdc794e16f0d155f9b854fa58868b7de1f51.tar.gz
gnutls_x509_aia_set: IDNA encode when needed
-rw-r--r--lib/x509/virt-san.c37
-rw-r--r--lib/x509/x509_ext.c36
-rw-r--r--lib/x509/x509_ext_int.h5
3 files changed, 47 insertions, 31 deletions
diff --git a/lib/x509/virt-san.c b/lib/x509/virt-san.c
index c1918af2d4..f3b87135b1 100644
--- a/lib/x509/virt-san.c
+++ b/lib/x509/virt-san.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2015 Nikos Mavrogiannopoulos
- * Copyright (C) 2015 Red Hat, Inc.
+ * Copyright (C) 2015-2016 Nikos Mavrogiannopoulos
+ * Copyright (C) 2015-2016 Red Hat, Inc.
*
* This file is part of GnuTLS.
*
@@ -25,6 +25,7 @@
#include "gnutls_int.h"
#include "x509_int.h"
+#include "x509_ext_int.h"
#include "common.h"
#include "krb5.h"
#include "virt-san.h"
@@ -65,32 +66,11 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutl
if (type < 1000) {
name->type = type;
- if (type == GNUTLS_SAN_DNSNAME && !raw) {
- ret = gnutls_idna_map((char*)san->data, san->size, &name->san, 0);
- if (ret < 0) {
- return gnutls_assert_val(ret);
- }
- gnutls_free(san->data);
- san->data = NULL;
- } else if (type == GNUTLS_SAN_RFC822NAME && !raw) {
- ret = _gnutls_idna_email_map((char*)san->data, san->size, &name->san);
- if (ret < 0) {
- return gnutls_assert_val(ret);
- }
- gnutls_free(san->data);
- san->data = NULL;
- } else if (type == GNUTLS_SAN_URI && !raw) {
- if (!_gnutls_str_is_print((char*)san->data, san->size)) {
- _gnutls_debug_log("non-ASCII URIs are not supported\n");
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- } else {
- name->san.data = san->data;
- name->san.size = san->size;
- }
- } else {
- name->san.data = san->data;
- name->san.size = san->size;
- }
+ ret = _gnutls_alt_name_process(&name->san, type, san, raw);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ gnutls_free(san->data);
+ san->data = NULL;
if (othername_oid) {
name->othername_oid.data = (uint8_t *) othername_oid;
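Review bot: The unconditional `gnutls_free(san->data);` after the new `_gnutls_alt_name_process()` call is only correct because the helper always copies or maps into `name->san` and never adopts `san->data`, and nothing near the free states that dependency. A comment such as `/* _gnutls_alt_name_process() never takes ownership of san->data */` above the free would keep a later change to the helper from turning this into a double free or a dangling `name->san`. `san->size` also keeps its old value once `san->data` is NULL, so adding `san->size = 0;` would leave the caller's datum consistent. The body of `_gnutls_alt_name_assign_virt_type` starts and continues outside the hunk.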
@@ -99,7 +79,6 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutl
name->othername_oid.data = NULL;
name->othername_oid.size = 0;
}
-
} else { /* virtual types */
const char *oid = virtual_to_othername_oid(type);
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index 0756ed5996..c70d3e7f67 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -2603,6 +2603,37 @@ int gnutls_x509_aia_get(gnutls_x509_aia_t aia, unsigned int seq,
return 0;
}
+int _gnutls_alt_name_process(gnutls_datum_t *out, unsigned type, const gnutls_datum_t *san, unsigned raw)
+{
+ int ret;
+ if (type == GNUTLS_SAN_DNSNAME && !raw) {
+ ret = gnutls_idna_map((char*)san->data, san->size, out, 0);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+ } else if (type == GNUTLS_SAN_RFC822NAME && !raw) {
+ ret = _gnutls_idna_email_map((char*)san->data, san->size, out);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+ } else if (type == GNUTLS_SAN_URI && !raw) {
+ if (!_gnutls_str_is_print((char*)san->data, san->size)) {
+ _gnutls_debug_log("non-ASCII URIs are not supported\n");
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ } else {
+ ret = _gnutls_set_strdatum(out, san->data, san->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ } else {
+ ret = _gnutls_set_strdatum(out, san->data, san->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return 0;
+}
+
/**
* gnutls_x509_aia_set:
* @aia: The authority info access
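Review bot: `_gnutls_alt_name_process()` is added without a comment stating its contract, although callers in two files now rely on it. I would add a short block comment above the definition saying that `out` receives a newly allocated value on success, that `san` is only read and stays owned by the caller, and that a non-zero `raw` skips both the IDNA mapping and the printable-URI check. Whether previous contents of `out` are released cannot be told from this hunk, because `_gnutls_set_strdatum` and the IDNA helpers are defined elsewhere, so the comment should say what the caller must guarantee. The `else` inside the URI branch and the final `else` perform the same `_gnutls_set_strdatum(out, san->data, san->size)` copy and could share one.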
@@ -2617,6 +2648,9 @@ int gnutls_x509_aia_get(gnutls_x509_aia_t aia, unsigned int seq,
* Typically the value for @oid should be %GNUTLS_OID_AD_OCSP, or
* %GNUTLS_OID_AD_CAISSUERS.
*
+ * Since version 3.5.7 the %GNUTLS_SAN_RFC822NAME, and %GNUTLS_SAN_DNSNAME,
+ * are converted to ACE format when necessary.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0), otherwise a negative error value.
*
* Since: 3.3.0
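Review bot: The added paragraph documents the ACE conversion but not the other new behaviour of this setter. Because the call now goes through `_gnutls_alt_name_process(..., 0)`, a %GNUTLS_SAN_URI value that fails `_gnutls_str_is_print` is rejected with %GNUTLS_E_UNIMPLEMENTED_FEATURE, where the previous `_gnutls_set_datum` copy accepted any bytes. I would add a line such as ` * A %GNUTLS_SAN_URI containing non-ASCII characters is rejected with %GNUTLS_E_UNIMPLEMENTED_FEATURE.` so callers know the function now validates its input.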
@@ -2646,7 +2680,7 @@ int gnutls_x509_aia_set(gnutls_x509_aia_t aia,
aia->aia[indx].oid.size = 0;
}
- ret = _gnutls_set_datum(&aia->aia[indx].san, san->data, san->size);
+ ret = _gnutls_alt_name_process(&aia->aia[indx].san, san_type, san, 0);
if (ret < 0)
return gnutls_assert_val(ret);
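Review bot: This error return was previously reachable only on allocation failure, but with `_gnutls_alt_name_process()` it is taken for any name that fails IDNA mapping or the URI check, i.e. for ordinary caller-supplied input. The context lines above show `aia->aia[indx].oid` being filled in before this call, and the hunk does not show whether that entry is released or the element count rolled back when the call fails. The rest of `gnutls_x509_aia_set` is outside the hunk. It is worth confirming that a rejected name leaves `aia` unchanged, so that a later deinit or export never sees a half-initialised entry.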
diff --git a/lib/x509/x509_ext_int.h b/lib/x509/x509_ext_int.h
index 34d0207fb4..3bca97f30e 100644
--- a/lib/x509/x509_ext_int.h
+++ b/lib/x509/x509_ext_int.h
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2014 Free Software Foundation
+ * Copyright (C) 2014-2016 Free Software Foundation
+ * Copyright (C) 2014-2016 Red Hat, Inc.
*
* This file is part of GnuTLS.
*
@@ -28,4 +29,6 @@ struct name_st {
gnutls_datum_t othername_oid;
};
+int _gnutls_alt_name_process(gnutls_datum_t *out, unsigned type, const gnutls_datum_t *san, unsigned raw);
+
#endif