-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | includes/gnutls/x509.h | 7 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 2 | ||||
-rw-r--r-- | lib/x509/dn.c | 56 |
4 files changed, 63 insertions, 3 deletions
@@ -18,6 +18,7 @@ Version 0.9.0 in gnutls/x509.h - The only functions that are now incompatible are: gnutls_x509_certificate_to_xml() + gnutls_x509_extract_dn_string() Version 0.8.1 (22/01/2003) - Improved the SRP support, to prevent attackers guessing the
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h
index 6acc72748d..dfc4fd775f 100644
--- a/includes/gnutls/x509.h
+++ b/includes/gnutls/x509.h
@@ -96,6 +96,13 @@ int gnutls_x509_certificate_get_extension_by_oid(gnutls_x509_certificate cert, c
 int gnutls_x509_certificate_to_xml(gnutls_x509_certificate cert, gnutls_datum* res, int detail);
+/* RDN handling */
+int gnutls_x509_rdn_get(const gnutls_datum * idn,
+ char *buf, unsigned int *sizeof_buf);
+
+int gnutls_x509_rdn_get_by_oid(const gnutls_datum * idn, const char* oid,
+ char *buf, unsigned int *sizeof_buf);
+
 /* CRL handling functions */
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index c23f2e6e2d..4eae11b8c2 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -205,7 +205,7 @@ void gnutls_certificate_server_set_request(gnutls_session session,
  * Contains a list with the CA names that the server considers trusted.
  * Normaly we should send a certificate that is signed
  * by one of these CAs. These names are DER encoded. To get a more
- * meaningful value use the function gnutls_x509_rdn_to_dn().
+ * meaningful value use the function gnutls_x509_rdn_get().
  *
  * This function specifies what we, in case of a client, are going
  * to do when we have to send a certificate. If this callback
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 6178051d0a..a0167d11f5 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -472,7 +472,7 @@ int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
 /**
- * gnutls_x509_rdn_to_dn - This function parses an RDN sequence and returns a string
+ * gnutls_x509_rdn_get - This function parses an RDN sequence and returns a string
  * @idn: should contain a DER encoded RDN sequence
  * @buf: a pointer to a structure to hold the peer's name
  * @sizeof_buf: holds the size of 'buf'
@@ -485,7 +485,7 @@ int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
  * and 0 on success.
  *
  **/
-int gnutls_x509_rdn_to_dn(const gnutls_datum * idn,
+int gnutls_x509_rdn_get(const gnutls_datum * idn,
  char *buf, unsigned int *sizeof_buf)
 {
  int result;
@@ -521,3 +521,55 @@ int gnutls_x509_rdn_to_dn(const gnutls_datum * idn,
 return result;
 }
+
+/**
+ * gnutls_x509_rdn_get_by_oid - This function parses an RDN sequence and returns a string
+ * @idn: should contain a DER encoded RDN sequence
+ * @oid: an Object Identifier
+ * @buf: a pointer to a structure to hold the peer's name
+ * @sizeof_buf: holds the size of 'buf'
+ *
+ * This function will return the name of the given Object identifier,
+ * of the RDN sequence.
+ * The name will be encoded using the rules from RFC2253.
+ *
+ * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough,
+ * and 0 on success.
+ *
+ **/
+int gnutls_x509_rdn_get_by_oid(const gnutls_datum * idn, const char* oid,
+ char *buf, unsigned int *sizeof_buf)
+{
+ int result;
+ ASN1_TYPE dn;
+
+ if (sizeof_buf == 0) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (buf)
+ buf[0] = 0;
+
+
+ if ((result =
+ _gnutls_asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn,
+ "dn")) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_parse_dn_oid(dn, "dn", oid, buf, sizeof_buf);
+
+ asn1_delete_structure(&dn);
+ return result;
+
+} |
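Review bot: `if (buf) buf[0] = 0;` near the top of gnutls_x509_rdn_get_by_oid writes one byte without consulting `*sizeof_buf`, so a caller that passes a non-NULL buf together with `*sizeof_buf == 0` (for example to ask for the required size, if the parser supports that — not visible here) gets a write one byte past the end of its buffer; the guard should read `if (buf && *sizeof_buf > 0) buf[0] = 0;`. The function validates only `sizeof_buf` (spelled `sizeof_buf == 0`, a pointer compared against an integer; `sizeof_buf == NULL` reads better) while `idn` is dereferenced unchecked on the `asn1_der_decoding` line and `oid` is passed straight to `_gnutls_x509_parse_dn_oid`; since idn normally carries DER received from the peer, an `if (idn == NULL || oid == NULL) return GNUTLS_E_INVALID_REQUEST;` next to the existing check would be consistent with it. The kernel-doc header is copied from gnutls_x509_rdn_get and still describes @buf as holding "the peer's name"; it should say the buffer receives the value of the attribute identified by @oid, and state what is returned when the RDN contains no such attribute and whether `*sizeof_buf` is updated on GNUTLS_E_SHORT_MEMORY_BUFFER, both of which are decided inside _gnutls_x509_parse_dn_oid, outside this hunk. The two consecutive blank lines after `buf[0] = 0;` and the blank line before the closing brace look unintentional.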