author | Pierre Ossman <ossman@cendio.se> | 2020-03-24 15:32:13 +0100 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2020-04-03 15:36:55 +0200 |
commit | 279b5f865c60ccaa97f4dd24575a37d261d97505 (patch) | |
tree | 201cfb9ba7deac68a27d9a0d9c4c7ffc5d874b59 /lib/pkcs11.c | |
parent | bbf7ed8b122b30c9951b11cb2e8c966769754147 (diff) | |
download | gnutls-279b5f865c60ccaa97f4dd24575a37d261d97505.tar.gz |
Compare DNs by comparing their string representations

A binary comparison will not work in case the contents are the same but
the ASN.1 type differs (e.g. PrintableString vs UTF8String). Such
variations are permitted so we need to handle them.

Signed-off-by: Pierre Ossman <ossman@cendio.se>
Diffstat (limited to 'lib/pkcs11.c')
-rw-r--r-- | lib/pkcs11.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 8b65212a50..d03bf6e444 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -4141,6 +4141,8 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, a_vals++; } + /* This doesn't do a proper comparison, see + * _gnutls_x509_compare_raw_dn() */ if (priv->dn.size > 0) { a[a_vals].type = CKA_SUBJECT; a[a_vals].value = priv->dn.data; @@ -4155,6 +4157,7 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, a_vals++; } + /* Same problem as for priv->dn */ if (priv->issuer_dn.size > 0) { a[a_vals].type = CKA_ISSUER; a[a_vals].value = priv->issuer_dn.data; |
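Review bot: In the first hunk of find_cert_cb(), the comment added above `if (priv->dn.size > 0)` says the comparison is not proper, but the lines below it still put the raw `priv->dn.data` into the template as the `CKA_SUBJECT` value, so this lookup keeps matching on the encoded bytes. The comment should state the consequence, namely that a certificate whose subject differs only in ASN.1 string type (the PrintableString vs UTF8String case from the commit message) will not be found here. It should also be marked as a known limitation (FIXME or TODO) so that the reference to `_gnutls_x509_compare_raw_dn()` is not read as the place where this search does its comparison.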
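Review bot: In the second hunk, the comment above `if (priv->issuer_dn.size > 0)` reads only "Same problem as for priv->dn", which makes it depend on a comment in a different block of find_cert_cb() staying in place and unchanged. Make it self-contained: name `_gnutls_x509_compare_raw_dn()` here as well, or say directly that the `CKA_ISSUER` value taken from `priv->issuer_dn.data` is matched on its raw encoding.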