diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | lib/x509/x509.c | 2 | ||||
| -rw-r--r-- | tests/Makefile.am | 3 | ||||
| -rw-r--r-- | tests/certs/id-on-xmppAddr.pem | 14 | ||||
| -rw-r--r-- | tests/id-on-xmppAddr.c | 72 |
5 files changed, 90 insertions, 2 deletions
diff --git a/.gitignore b/.gitignore index 72a0046202..ee1d177288 100644 --- a/.gitignore +++ b/.gitignore @@ -442,6 +442,7 @@ tests/handshake-write tests/hex tests/hostname-check tests/hostname-check-utf8 +tests/id-on-xmppAddr tests/infoaccess tests/init_roundtrip tests/insecure_key diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 2a5de7e93c..c3801a83f2 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -1849,7 +1849,7 @@ get_alt_name(gnutls_subject_alt_names_t san, goto cleanup; } - if (othername_oid && type == GNUTLS_SAN_OTHERNAME && ooid.data) { + if (type == GNUTLS_SAN_OTHERNAME && ooid.data) { unsigned vtype; ret = gnutls_x509_othername_to_virtual((char*)ooid.data, &oname, &vtype, &virt); if (ret >= 0) { diff --git a/tests/Makefile.am b/tests/Makefile.am index 992d2750ba..c6d994f877 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -39,6 +39,7 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \ certs/ecc521.pem certs/rsa-2432.pem x509cert-dir/ca.pem psk.passwd \ certs/rawpk_priv.pem certs/rawpk_pub.pem \ certs/ed25519.pem certs/cert-ed25519.pem certs/rsa-512.pem \ + certs/id-on-xmppAddr.pem \ system.prio pkcs11/softhsm.h pkcs11/pkcs11-pubkey-import.c gnutls-asan.supp \ rsa-md5-collision/README safe-renegotiation/README starttls-smtp.txt starttls-ftp.txt \ starttls-lmtp.txt starttls-pop3.txt starttls-xmpp.txt starttls-nntp.txt starttls-sieve.txt \ @@ -222,7 +223,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \ tls13-without-timeout-func buffer status-request-revoked \ set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \ - x509cert-dntypes + x509cert-dntypes id-on-xmppAddr if HAVE_SECCOMP_TESTS ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp diff --git a/tests/certs/id-on-xmppAddr.pem b/tests/certs/id-on-xmppAddr.pem new file mode 100644 index 0000000000..bf1dbed2b4 --- /dev/null +++ b/tests/certs/id-on-xmppAddr.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICOTCCAe6gAwIBAgIIXv1QAAnHXswwCgYIKoZIzj0EAwQwSzFJMEcGA1UEAwxA +dmVyeS5sb25nLnVzZXJuYW1lQHNvLnRoZS5hc24xLmxlbmd0aC5pcy5hLnZhbGlk +LmFzY2lpLmNoYXJhY3RlcjAeFw0yMTAzMDExOTExMDBaFw0yNDAyMTQxOTExMDBa +MEsxSTBHBgNVBAMMQHZlcnkubG9uZy51c2VybmFtZUBzby50aGUuYXNuMS5sZW5n +dGguaXMuYS52YWxpZC5hc2NpaS5jaGFyYWN0ZXIwSTATBgcqhkjOPQIBBggqhkjO +PQMBAQMyAASP7UkeXGfYhwlcNCcJii71d028T4N5A3aLgdEdlihHRFsFzCB5BPOU +UXiEoPvfyQ2jgcswgcgwCQYDVR0TBAIwADAdBgNVHQ4EFgQU+MsbIfGqU5WdclD1 +gGue6t47wuIwHwYDVR0jBBgwFoAU+MsbIfGqU5WdclD1gGue6t47wuIwCwYDVR0P +BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMFkGA1UdEQRSMFCgTgYIKwYBBQUH +CAWgQgxAdmVyeS5sb25nLnVzZXJuYW1lQHNvLnRoZS5hc24xLmxlbmd0aC5pcy5h +LnZhbGlkLmFzY2lpLmNoYXJhY3RlcjAKBggqhkjOPQQDBAM5ADA2AhkArZgwSory +b3v9LM8074GrUAYrPBTk0gOTAhkA8XPYUtGLdq3cwY18U1OBXTIfieGQqqLj +-----END CERTIFICATE----- diff --git a/tests/id-on-xmppAddr.c b/tests/id-on-xmppAddr.c new file mode 100644 index 0000000000..c143f533e3 --- /dev/null +++ b/tests/id-on-xmppAddr.c @@ -0,0 +1,72 @@ +/* + * Copyright (C) 2021 Steffen Jaeckel + * + * Author: Steffen Jaeckel + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <gnutls/gnutls.h> +#include <gnutls/x509.h> +#include <stdlib.h> +#include <limits.h> + +#include "utils.h" + +#define should_succeed(f) do{ int ret##__LINE__ = (f); if(ret##__LINE__ < 0) { fail(#f " failed %d\n", ret##__LINE__); } }while(0) + +void doit(void) +{ + int ret; + gnutls_x509_crt_t cert; + gnutls_datum_t data; + size_t name_len = 128; + char name[128]; + char path[256]; + const char *src; + const char *id_on_xmppAddr = + "very.long.username@so.the.asn1.length.is.a.valid.ascii.character"; + + src = getenv("srcdir"); + if (src == NULL) + src = "."; + + snprintf(path, sizeof(path), "%s/%s", src, "certs/id-on-xmppAddr.pem"); + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + should_succeed(gnutls_x509_crt_init(&cert)); + should_succeed(gnutls_load_file(path, &data)); + should_succeed(gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM)); + ret = gnutls_x509_crt_get_subject_alt_name(cert, 0, name, &name_len, + NULL); + if (ret != GNUTLS_SAN_OTHERNAME_XMPP) + fail("did not recognize GNUTLS_SAN_OTHERNAME_XMPP"); + + if (strcmp(name, id_on_xmppAddr) != 0) + fail("xmppAddr not decoded correctly: %s", name); + + gnutls_free(data.data); + gnutls_x509_crt_deinit(cert); + gnutls_global_deinit(); +} |