Revert "x509: allow empty DNs on parsing for subject DNs"

This reverts commit 1641ea943079765d601cf418dc2c89c1c93f0ecf.

6 files changed, 10 insertions, 16 deletions

diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 483b6e8d96..5f20a75051 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -210,7 +210,7 @@ gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, char *buf,
 
 	return _gnutls_x509_parse_dn(crl->crl,
 				     "tbsCertList.issuer.rdnSequence",
-				     buf, sizeof_buf, 0);
+				     buf, sizeof_buf);
 }
 
 /**
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index faf6443bb5..b3a04e7b47 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -269,7 +269,7 @@ gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf, size_t * buf_size)
 
 	return _gnutls_x509_parse_dn(crq->crq,
 				     "certificationRequestInfo.subject.rdnSequence",
-				     buf, buf_size, 1);
+				     buf, buf_size);
 }
 
 /**
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 5e0b7026ff..5e6242698c 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -227,7 +227,7 @@ _gnutls_x509_get_dn(ASN1_TYPE asn1_struct,
 int
 _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
 		      const char *asn1_rdn_name, char *buf,
-		      size_t * buf_size, unsigned allow_empty)
+		      size_t * buf_size)
 {
 	int ret;
 	gnutls_datum_t dn = {NULL, 0};
@@ -243,14 +243,8 @@ _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
 		*buf_size = 0;
 
 	ret = _gnutls_x509_get_dn(asn1_struct, asn1_rdn_name, &dn);
-	if (ret < 0) {
-		if (allow_empty && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
-			gnutls_assert();
-			*buf_size = 0;
-			return 0;
-		}
+	if (ret < 0)
 		return gnutls_assert_val(ret);
-	}
 
 	if (dn.size >= (unsigned int) *buf_size) {
 		gnutls_assert();
@@ -870,7 +864,7 @@ gnutls_x509_rdn_get(const gnutls_datum_t * idn,
 		return _gnutls_asn2err(result);
 	}
 
-	result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, buf_size, 0);
+	result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, buf_size);
 
 	asn1_delete_structure(&dn);
 	return result;
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index b52b94f915..92db9b6aad 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -1123,7 +1123,7 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
 
 	ret = _gnutls_x509_parse_dn
 	    (resp->basicresp, "tbsResponseData.responderID.byName",
-	     NULL, &l, 0);
+	     NULL, &l);
 	if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
 		if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
 			return 0; /* for backwards compatibility */
@@ -1139,7 +1139,7 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
 
 	ret = _gnutls_x509_parse_dn
 	    (resp->basicresp, "tbsResponseData.responderID.byName",
-	     (char *) dn->data, &l, 0);
+	     (char *) dn->data, &l);
 	if (ret != GNUTLS_E_SUCCESS) {
 		gnutls_assert();
 		return ret;
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index ef27a68d38..8d76f0df8d 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -496,7 +496,7 @@ gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf,
 
 	return _gnutls_x509_parse_dn(cert->cert,
 				     "tbsCertificate.issuer.rdnSequence",
-				     buf, buf_size, 0);
+				     buf, buf_size);
 }
 
 /**
@@ -640,7 +640,7 @@ gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
 
 	return _gnutls_x509_parse_dn(cert->cert,
 				     "tbsCertificate.subject.rdnSequence",
-				     buf, buf_size, 1);
+				     buf, buf_size);
 }
 
 /**
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 31475f0678..2c275f4b45 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -160,7 +160,7 @@ int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
 
 int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
 			  const char *asn1_rdn_name, char *buf,
-			  size_t * sizeof_buf, unsigned allow_empty);
+			  size_t * sizeof_buf);
 
 int
 _gnutls_x509_get_dn(ASN1_TYPE asn1_struct,