authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-03-05 15:55:09 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-03-05 15:58:48 +0100
commit1b31dc9a2dfe8dbe3a4c1f9e30900e0a0efcfda3 (patch)
treea59ac0fcbd39870fdc83c1dc43d39de2c5007d66
parente7056d36d764204e744463f3f25b9c7c63ee8870 (diff)
Added new functions to get the LDAP DN in an allocated buffer.
-rw-r--r--NEWS5
-rw-r--r--lib/includes/gnutls/x509.h6
-rw-r--r--lib/libgnutls.map4
-rw-r--r--lib/x509/crl.c27
-rw-r--r--lib/x509/crq.c28
-rw-r--r--lib/x509/dn.c38
-rw-r--r--lib/x509/x509.c56
-rw-r--r--lib/x509/x509_int.h4
8 files changed, 166 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index dc87601a64..bae782c7a8 100644
--- a/NEWS
+++ b/NEWS
@@ -15,7 +15,10 @@ support AES with PKCS #12.
** libgnutls-dane: Updated DANE verification options.
** API and ABI modifications:
-No changes since last version.
+gnutls_x509_crt_get_issuer_dn2: Added
+gnutls_x509_crt_get_dn2: Added
+gnutls_x509_crl_get_issuer_dn2: Added
+gnutls_x509_crq_get_dn2: Added
* Version 3.1.9 (released 2013-02-27)
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 20bb918d3d..46bd2247b7 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -131,6 +131,7 @@ extern "C"
int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
size_t * buf_size);
+ int gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
void *oid, size_t * oid_size);
int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
@@ -139,6 +140,7 @@ extern "C"
void *buf, size_t * buf_size);
int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
size_t * buf_size);
+ int gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
void *oid, size_t * oid_size);
int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
@@ -530,8 +532,9 @@ extern "C"
gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
gnutls_datum_t * dn);
- int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl,
+ int gnutls_x509_crl_get_issuer_dn (gnutls_x509_crl_t crl,
char *buf, size_t * sizeof_buf);
+ int gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t* dn);
int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
const char *oid, int indx,
unsigned int raw_flag,
@@ -916,6 +919,7 @@ extern "C"
int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
size_t * sizeof_buf);
+ int gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t* dn);
int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
void *oid, size_t * sizeof_oid);
int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index f2fa375804..2fd42760f2 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -893,6 +893,10 @@ GNUTLS_3_1_0 {
gnutls_transport_get_int2;
gnutls_transport_get_int;
gnutls_pkcs11_privkey_status;
+ gnutls_x509_crt_get_issuer_dn2;
+ gnutls_x509_crt_get_dn2;
+ gnutls_x509_crl_get_issuer_dn2;
+ gnutls_x509_crq_get_dn2;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 0528ee2886..392ef3140c 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -265,6 +265,33 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
oid, sizeof_oid);
}
+/**
+ * gnutls_x509_crl_get_issuer_dn2:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @dn: a pointer to a structure to hold the name
+ *
+ * This function will allocate buffer and copy the name of the CRL issuer.
+ * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC4514. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value. and a negative error code on error.
+ *
+ * Since: 3.1.10
+ **/
+int
+gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t * dn)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn (crl->crl,
+ "tbsCertList.issuer.rdnSequence", dn);
+}
/**
* gnutls_x509_crl_get_signature_algorithm:
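Review bot: The doc comment for gnutls_x509_crl_get_issuer_dn2 documents a parameter `@cert` of type #gnutls_x509_crt_t, but the function takes `crl`, a gnutls_x509_crl_t; the line should read `@crl: should contain a #gnutls_x509_crl_t structure`. The Returns paragraph ends with a duplicated clause (`negative error value. and a negative error code on error.`) and should stop after "negative error value"; the same sentence is repeated in the comments for gnutls_x509_crq_get_dn2, gnutls_x509_crt_get_issuer_dn2 and gnutls_x509_crt_get_dn2. None of the four comments says who owns the allocated buffer; since _gnutls_x509_get_dn allocates it with gnutls_malloc(), a sentence such as `The caller must release @dn->data with gnutls_free().` would help prevent leaks and mismatched frees.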
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 52448725e7..917b319b44 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -257,6 +257,34 @@ gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * buf_size)
}
/**
+ * gnutls_x509_crq_get_dn2:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @dn: a pointer to a structure to hold the name
+ *
+ * This function will allocate buffer and copy the name of the Certificate
+ * request. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC4514. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value. and a negative error code on error.
+ *
+ * Since: 3.1.10
+ **/
+int
+gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t * dn)
+{
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence", dn);
+}
+
+/**
* gnutls_x509_crq_get_dn_by_oid:
* @crq: should contain a gnutls_x509_crq_t structure
* @oid: holds an Object Identifier in a null terminated string
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 3ecdc72ad7..99d41ffcc5 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -84,6 +84,44 @@ cleanup:
return ret;
}
+int
+_gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, gnutls_datum_t * dn)
+{
+char * buf;
+size_t buf_size;
+int ret;
+
+ buf_size = 384;
+ buf = gnutls_malloc(buf_size);
+ if (buf == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret = _gnutls_x509_parse_dn (asn1_struct,
+ asn1_rdn_name, buf, &buf_size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ buf = gnutls_realloc_fast(buf, buf_size);
+ if (buf == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret = _gnutls_x509_parse_dn (asn1_struct,
+ asn1_rdn_name, buf, &buf_size);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_free(buf);
+ return gnutls_assert_val(ret);
+ }
+
+ dn->data = (void*)buf;
+ dn->size = buf_size;
+
+ return ret;
+}
+
+
/* Parses an X509 DN in the asn1_struct, and puts the output into
* the string buf. The output is an LDAP encoded DN.
*
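Review bot: _gnutls_x509_get_dn writes `dn` only on success, so on every error return `dn->data` and `dn->size` keep whatever the caller had there, and a caller whose cleanup path calls gnutls_free(dn->data) regardless of the return code would free an uninitialized pointer. Setting `dn->data = NULL; dn->size = 0;` before the allocation makes the failure state well defined. `dn` itself is also dereferenced without a NULL check, and the public wrappers in crl.c, crq.c and x509.c validate only the object argument, so `if (dn == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` belongs either here or in each wrapper. The retry and the final `dn->size = buf_size` both rely on what _gnutls_x509_parse_dn stores back into `buf_size`, which is outside this hunk; a short comment stating whether the size counts the terminating NUL would help callers that treat `dn->data` as a C string.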
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 57f540ae8b..957328a851 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -274,6 +274,34 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
}
/**
+ * gnutls_x509_crt_get_issuer_dn2:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @dn: a pointer to a structure to hold the name
+ *
+ * This function will allocate buffer and copy the name of issuer of the Certificate.
+ * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC4514. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value. and a negative error code on error.
+ *
+ * Since: 3.1.10
+ **/
+int
+gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn (cert->cert,
+ "tbsCertificate.issuer.rdnSequence", dn);
+}
+
+/**
* gnutls_x509_crt_get_issuer_dn_by_oid:
* @cert: should contain a #gnutls_x509_crt_t structure
* @oid: holds an Object Identified in null terminated string
@@ -393,6 +421,34 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
}
/**
+ * gnutls_x509_crt_get_dn2:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @dn: a pointer to a structure to hold the name
+ *
+ * This function will allocate buffer and copy the name of the Certificate.
+ * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC4514. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value. and a negative error code on error.
+ *
+ * Since: 3.1.10
+ **/
+int
+gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn (cert->cert,
+ "tbsCertificate.subject.rdnSequence", dn);
+}
+
+/**
* gnutls_x509_crt_get_dn_by_oid:
* @cert: should contain a #gnutls_x509_crt_t structure
* @oid: holds an Object Identified in null terminated string
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 2503166a85..26ad9c45dc 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -112,6 +112,10 @@ int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
size_t * sizeof_buf);
int
+_gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, gnutls_datum_t * dn);
+
+int
_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
const char *asn1_rdn_name,
const char *given_oid, int indx,