author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-03-05 15:55:09 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-03-05 15:58:48 +0100 |
commit | 1b31dc9a2dfe8dbe3a4c1f9e30900e0a0efcfda3 (patch) | |
tree | a59ac0fcbd39870fdc83c1dc43d39de2c5007d66 | |
parent | e7056d36d764204e744463f3f25b9c7c63ee8870 (diff) | |
download | gnutls-1b31dc9a2dfe8dbe3a4c1f9e30900e0a0efcfda3.tar.gz |
Added new functions to get the LDAP DN in an allocated buffer.
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | lib/includes/gnutls/x509.h | 6 | ||||
-rw-r--r-- | lib/libgnutls.map | 4 | ||||
-rw-r--r-- | lib/x509/crl.c | 27 | ||||
-rw-r--r-- | lib/x509/crq.c | 28 | ||||
-rw-r--r-- | lib/x509/dn.c | 38 | ||||
-rw-r--r-- | lib/x509/x509.c | 56 | ||||
-rw-r--r-- | lib/x509/x509_int.h | 4 |
8 files changed, 166 insertions, 2 deletions
@@ -15,7 +15,10 @@ support AES with PKCS #12. ** libgnutls-dane: Updated DANE verification options. ** API and ABI modifications: -No changes since last version. +gnutls_x509_crt_get_issuer_dn2: Added +gnutls_x509_crt_get_dn2: Added +gnutls_x509_crl_get_issuer_dn2: Added +gnutls_x509_crq_get_dn2: Added * Version 3.1.9 (released 2013-02-27) diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 20bb918d3d..46bd2247b7 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -131,6 +131,7 @@ extern "C" int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, size_t * buf_size); + int gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn); int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx, void *oid, size_t * oid_size); int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, @@ -139,6 +140,7 @@ extern "C" void *buf, size_t * buf_size); int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, size_t * buf_size); + int gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn); int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx, void *oid, size_t * oid_size); int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, @@ -530,8 +532,9 @@ extern "C" gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, gnutls_datum_t * dn); - int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, + int gnutls_x509_crl_get_issuer_dn (gnutls_x509_crl_t crl, char *buf, size_t * sizeof_buf); + int gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t* dn); int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, const char *oid, int indx, unsigned int raw_flag, 
@@ -916,6 +919,7 @@ extern "C" int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * sizeof_buf); + int gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t* dn); int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx, void *oid, size_t * sizeof_oid); int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, diff --git a/lib/libgnutls.map b/lib/libgnutls.map index f2fa375804..2fd42760f2 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -893,6 +893,10 @@ GNUTLS_3_1_0 { gnutls_transport_get_int2; gnutls_transport_get_int; gnutls_pkcs11_privkey_status; + gnutls_x509_crt_get_issuer_dn2; + gnutls_x509_crt_get_dn2; + gnutls_x509_crl_get_issuer_dn2; + gnutls_x509_crq_get_dn2; } GNUTLS_3_0_0; GNUTLS_PRIVATE { diff --git a/lib/x509/crl.c b/lib/x509/crl.c index 0528ee2886..392ef3140c 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c @@ -265,6 +265,33 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, oid, sizeof_oid); } +/** + * gnutls_x509_crl_get_issuer_dn2: + * @cert: should contain a #gnutls_x509_crt_t structure + * @dn: a pointer to a structure to hold the name + * + * This function will allocate buffer and copy the name of the CRL issuer. + * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as + * described in RFC4514. The output string will be ASCII or UTF-8 + * encoded, depending on the certificate data. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. and a negative error code on error. + * + * Since: 3.1.10 + **/ +int +gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t * dn) +{ + if (crl == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + return _gnutls_x509_get_dn (crl->crl, + "tbsCertList.issuer.rdnSequence", dn); +} /** * gnutls_x509_crl_get_signature_algorithm: diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 52448725e7..917b319b44 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c 
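Review bot: The gtk-doc block added for gnutls_x509_crl_get_issuer_dn2 in lib/x509/crl.c documents `@cert: should contain a #gnutls_x509_crt_t structure`, but the parameter is `crl` of type gnutls_x509_crl_t, so the line should read `@crl: should contain a #gnutls_x509_crl_t structure`. Its Returns text ends with the duplicated fragment `negative error value. and a negative error code on error.`, and the same sentence is repeated in the new comments for gnutls_x509_crq_get_dn2 (lib/x509/crq.c) and for gnutls_x509_crt_get_issuer_dn2 and gnutls_x509_crt_get_dn2 (lib/x509/x509.c). None of the four comments says who owns the allocated buffer. I would add a sentence such as `The caller must release @dn->data with gnutls_free() after a successful call.` to each, since the allocation is the one thing that differs from the existing non-`2` variants.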
@@ -257,6 +257,34 @@ gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * buf_size) } /** + * gnutls_x509_crq_get_dn2: + * @crq: should contain a #gnutls_x509_crq_t structure + * @dn: a pointer to a structure to hold the name + * + * This function will allocate buffer and copy the name of the Certificate + * request. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as + * described in RFC4514. The output string will be ASCII or UTF-8 + * encoded, depending on the certificate data. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. and a negative error code on error. + * + * Since: 3.1.10 + **/ +int +gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t * dn) +{ + if (crq == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + return _gnutls_x509_get_dn (crq->crq, + "certificationRequestInfo.subject.rdnSequence", dn); +} + +/** * gnutls_x509_crq_get_dn_by_oid: * @crq: should contain a gnutls_x509_crq_t structure * @oid: holds an Object Identifier in a null terminated string diff --git a/lib/x509/dn.c b/lib/x509/dn.c index 3ecdc72ad7..99d41ffcc5 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c 
@@ -84,6 +84,44 @@ cleanup: return ret; } +int +_gnutls_x509_get_dn (ASN1_TYPE asn1_struct, + const char *asn1_rdn_name, gnutls_datum_t * dn) +{ +char * buf; +size_t buf_size; +int ret; + + buf_size = 384; + buf = gnutls_malloc(buf_size); + if (buf == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + + ret = _gnutls_x509_parse_dn (asn1_struct, + asn1_rdn_name, buf, &buf_size); + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) + { + buf = gnutls_realloc_fast(buf, buf_size); + if (buf == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + + ret = _gnutls_x509_parse_dn (asn1_struct, + asn1_rdn_name, buf, &buf_size); + } + + if (ret < 0) + { + gnutls_free(buf); + return gnutls_assert_val(ret); + } + + dn->data = (void*)buf; + dn->size = buf_size; + + return ret; +} + + /* Parses an X509 DN in the asn1_struct, and puts the output into * the string buf. The output is an LDAP encoded DN. * diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 57f540ae8b..957328a851 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
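Review bot: In _gnutls_x509_get_dn, `dn` is written only on the success path, so after any failure the caller's datum keeps whatever it held before, and a caller whose cleanup path frees `dn->data` unconditionally would free an indeterminate pointer. Setting `dn->data = NULL; dn->size = 0;` at entry, after a `dn == NULL` check that neither this helper nor the four public wrappers perform, makes the error paths safe to clean up. The early return after `gnutls_realloc_fast` relies on that function releasing the old buffer when it fails, which is not visible in this hunk; a one-line comment saying so would keep a later switch to gnutls_realloc from introducing a leak. The function also has no header comment, and it should state whether `dn->data` is NUL-terminated and whether `dn->size` counts the terminator, because that is decided inside _gnutls_x509_parse_dn and the text originates from certificate data that callers should handle by length.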
@@ -274,6 +274,34 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, } /** + * gnutls_x509_crt_get_issuer_dn2: + * @cert: should contain a #gnutls_x509_crt_t structure + * @dn: a pointer to a structure to hold the name + * + * This function will allocate buffer and copy the name of issuer of the Certificate. + * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as + * described in RFC4514. The output string will be ASCII or UTF-8 + * encoded, depending on the certificate data. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. and a negative error code on error. + * + * Since: 3.1.10 + **/ +int +gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn) +{ + if (cert == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + return _gnutls_x509_get_dn (cert->cert, + "tbsCertificate.issuer.rdnSequence", dn); +} + +/** * gnutls_x509_crt_get_issuer_dn_by_oid: * @cert: should contain a #gnutls_x509_crt_t structure * @oid: holds an Object Identified in null terminated string 
@@ -393,6 +421,34 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, } /** + * gnutls_x509_crt_get_dn2: + * @cert: should contain a #gnutls_x509_crt_t structure + * @dn: a pointer to a structure to hold the name + * + * This function will allocate buffer and copy the name of the Certificate. + * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as + * described in RFC4514. The output string will be ASCII or UTF-8 + * encoded, depending on the certificate data. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. and a negative error code on error. + * + * Since: 3.1.10 + **/ +int +gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn) +{ + if (cert == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + return _gnutls_x509_get_dn (cert->cert, + "tbsCertificate.subject.rdnSequence", dn); +} + +/** * gnutls_x509_crt_get_dn_by_oid: * @cert: should contain a #gnutls_x509_crt_t structure * @oid: holds an Object Identified in null terminated string diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index 2503166a85..26ad9c45dc 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -112,6 +112,10 @@ int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, size_t * sizeof_buf); int +_gnutls_x509_get_dn (ASN1_TYPE asn1_struct, + const char *asn1_rdn_name, gnutls_datum_t * dn); + +int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, const char *asn1_rdn_name, const char *given_oid, int indx, |