diff options
Diffstat (limited to 'lib/x509/dn.c')
-rw-r--r-- | lib/x509/dn.c | 49 |
1 files changed, 46 insertions, 3 deletions
diff --git a/lib/x509/dn.c b/lib/x509/dn.c index 8d428e9b3f..33739e2271 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -982,13 +982,56 @@ int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1, const gnutls_datum_t * dn2) { + int ret; + gnutls_datum_t str1, str2; + + /* Simple case of completely identical? */ + + if (dn1->size == dn2->size) { + if (memcmp(dn1->data, dn2->data, dn2->size) == 0) { + return 1; + } + } + + /* RFC5280 (https://tools.ietf.org/html/rfc5280#section-7.1) + * requires that the LDAP StringPrep profile and caseIgnoreMatch + * must be used for this comparison. We do not use that but + * instead we do a simpler comparison that ignores the tags used + * such as `UTF8String` and `PrintableString`. */ - if (dn1->size != dn2->size) { + if ((dn1->size == 0) || (dn2->size == 0)) { + gnutls_assert(); + return 0; + } + + ret = gnutls_x509_rdn_get2(dn1, &str1, 0); + if (ret < 0) { + gnutls_assert(); return 0; } - if (memcmp(dn1->data, dn2->data, dn2->size) != 0) { + + ret = gnutls_x509_rdn_get2(dn2, &str2, 0); + if (ret < 0) { gnutls_assert(); + _gnutls_free_datum(&str1); return 0; } - return 1; /* they match */ + + if (str1.size != str2.size) { + ret = 0; + goto cleanup; + } + if (memcmp(str1.data, str2.data, str2.size) != 0) { + gnutls_assert(); + ret = 0; + goto cleanup; + } + + ret = 1; /* they match */ + +cleanup: + _gnutls_free_datum(&str1); + _gnutls_free_datum(&str2); + + return ret; } |