458
ret = os_snprintf(pos, end - pos, "C=%s, ", name->c);
459
if (ret < 0 || ret >= end - pos)
464
ret = os_snprintf(pos, end - pos, "ST=%s, ", name->st);
465
if (ret < 0 || ret >= end - pos)
470
ret = os_snprintf(pos, end - pos, "L=%s, ", name->l);
471
if (ret < 0 || ret >= end - pos)
476
ret = os_snprintf(pos, end - pos, "O=%s, ", name->o);
477
if (ret < 0 || ret >= end - pos)
482
ret = os_snprintf(pos, end - pos, "OU=%s, ", name->ou);
483
if (ret < 0 || ret >= end - pos)
488
ret = os_snprintf(pos, end - pos, "CN=%s, ", name->cn);
518
for (i = 0; i < name->num_attr; i++) {
519
ret = os_snprintf(pos, end - pos, "%s=%s, ",
520
x509_name_attr_str(name->attr[i].type),
521
name->attr[i].value);
489
522
if (ret < 0 || ret >= end - pos)
494
527
if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
499
534
if (name->email) {
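Review bot: Passing `name->attr[i].value` straight to `%s` in the added loop (lines 518-521) is only safe if the DN parser already rejected attribute values that contain an embedded NUL byte, the way the new IA5String handlers in this change reject rfc822Name/dNSName/URI: `%s` stops at the first NUL and the `ret >= end - pos` test on line 522 only catches buffer exhaustion, not a silently shortened value, and that parse-time check is not visible in this listing, so please confirm it exists. If `x509_name_attr_str()` can return NULL for an unrecognized attribute type, handing it to `%s` is undefined behaviour; a local fallback such as `const char *type = x509_name_attr_str(name->attr[i].type); if (!type) type = "?";` keeps the output well defined. I would also add a comment above the loop: `/* Attribute values were rejected at parse time if they held an embedded NUL; %s would otherwise truncate silently. */`. The enclosing function starts before and continues past this hunk.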
853
static int x509_parse_alt_name_rfc8222(struct x509_name *name,
854
const u8 *pos, size_t len)
856
/* rfc822Name IA5String */
857
wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len);
858
os_free(name->alt_email);
859
name->alt_email = os_zalloc(len + 1);
860
if (name->alt_email == NULL)
862
os_memcpy(name->alt_email, pos, len);
863
if (os_strlen(name->alt_email) != len) {
864
wpa_printf(MSG_INFO, "X509: Reject certificate with "
865
"embedded NUL byte in rfc822Name (%s[NUL])",
867
os_free(name->alt_email);
868
name->alt_email = NULL;
875
static int x509_parse_alt_name_dns(struct x509_name *name,
876
const u8 *pos, size_t len)
878
/* dNSName IA5String */
879
wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len);
881
name->dns = os_zalloc(len + 1);
882
if (name->dns == NULL)
884
os_memcpy(name->dns, pos, len);
885
if (os_strlen(name->dns) != len) {
886
wpa_printf(MSG_INFO, "X509: Reject certificate with "
887
"embedded NUL byte in dNSName (%s[NUL])",
897
static int x509_parse_alt_name_uri(struct x509_name *name,
898
const u8 *pos, size_t len)
900
/* uniformResourceIdentifier IA5String */
901
wpa_hexdump_ascii(MSG_MSGDUMP,
902
"X509: altName - uniformResourceIdentifier",
905
name->uri = os_zalloc(len + 1);
906
if (name->uri == NULL)
908
os_memcpy(name->uri, pos, len);
909
if (os_strlen(name->uri) != len) {
910
wpa_printf(MSG_INFO, "X509: Reject certificate with "
911
"embedded NUL byte in uniformResourceIdentifier "
912
"(%s[NUL])", name->uri);
921
static int x509_parse_alt_name_ip(struct x509_name *name,
922
const u8 *pos, size_t len)
924
/* iPAddress OCTET STRING */
925
wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len);
927
name->ip = os_malloc(len);
928
if (name->ip == NULL)
930
os_memcpy(name->ip, pos, len);
936
static int x509_parse_alt_name_rid(struct x509_name *name,
937
const u8 *pos, size_t len)
941
/* registeredID OBJECT IDENTIFIER */
942
if (asn1_parse_oid(pos, len, &name->rid) < 0)
945
asn1_oid_to_str(&name->rid, buf, sizeof(buf));
946
wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf);
952
static int x509_parse_ext_alt_name(struct x509_name *name,
953
const u8 *pos, size_t len)
959
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
961
* GeneralName ::= CHOICE {
962
* otherName [0] OtherName,
963
* rfc822Name [1] IA5String,
964
* dNSName [2] IA5String,
965
* x400Address [3] ORAddress,
966
* directoryName [4] Name,
967
* ediPartyName [5] EDIPartyName,
968
* uniformResourceIdentifier [6] IA5String,
969
* iPAddress [7] OCTET STRING,
970
* registeredID [8] OBJECT IDENTIFIER }
972
* OtherName ::= SEQUENCE {
973
* type-id OBJECT IDENTIFIER,
974
* value [0] EXPLICIT ANY DEFINED BY type-id }
976
* EDIPartyName ::= SEQUENCE {
977
* nameAssigner [0] DirectoryString OPTIONAL,
978
* partyName [1] DirectoryString }
981
for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) {
984
if (asn1_get_next(p, end - p, &hdr) < 0) {
985
wpa_printf(MSG_DEBUG, "X509: Failed to parse "
986
"SubjectAltName item");
990
if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC)
995
res = x509_parse_alt_name_rfc8222(name, hdr.payload,
999
res = x509_parse_alt_name_dns(name, hdr.payload,
1003
res = x509_parse_alt_name_uri(name, hdr.payload,
1007
res = x509_parse_alt_name_ip(name, hdr.payload,
1011
res = x509_parse_alt_name_rid(name, hdr.payload,
1014
case 0: /* TODO: otherName */
1015
case 3: /* TODO: x500Address */
1016
case 4: /* TODO: directoryName */
1017
case 5: /* TODO: ediPartyName */
1030
static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1031
const u8 *pos, size_t len)
1033
struct asn1_hdr hdr;
1035
/* SubjectAltName ::= GeneralNames */
1037
if (asn1_get_next(pos, len, &hdr) < 0 ||
1038
hdr.class != ASN1_CLASS_UNIVERSAL ||
1039
hdr.tag != ASN1_TAG_SEQUENCE) {
1040
wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1041
"SubjectAltName; found %d tag 0x%x",
1042
hdr.class, hdr.tag);
1046
wpa_printf(MSG_DEBUG, "X509: SubjectAltName");
1047
cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1049
if (hdr.length == 0)
1052
return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1057
static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1058
const u8 *pos, size_t len)
1060
struct asn1_hdr hdr;
1062
/* IssuerAltName ::= GeneralNames */
1064
if (asn1_get_next(pos, len, &hdr) < 0 ||
1065
hdr.class != ASN1_CLASS_UNIVERSAL ||
1066
hdr.tag != ASN1_TAG_SEQUENCE) {
1067
wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1068
"IssuerAltName; found %d tag 0x%x",
1069
hdr.class, hdr.tag);
1073
wpa_printf(MSG_DEBUG, "X509: IssuerAltName");
1074
cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1076
if (hdr.length == 0)
1079
return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
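Review bot: x509_parse_alt_name_ip (lines 921-930) accepts an iPAddress OCTET STRING of any length: it allocates `len` bytes and copies them with no check that `len` is 4 or 16, the only sizes RFC 5280 §4.2.1.6 permits in SubjectAltName/IssuerAltName, and a zero-length value becomes `os_malloc(0)`, whose result is platform-defined, while any later consumer that assumes an IPv4/IPv6-sized buffer would over-read a shorter one. I would reject it before allocating: `if (len != 4 && len != 16) { wpa_printf(MSG_INFO, "X509: Unexpected iPAddress length %lu", (unsigned long) len); return -1; }`. Separately, the rfc822Name handler frees the previous `alt_email` before reallocating (line 858) whereas the dNSName, URI and iPAddress handlers show no such free ahead of their `os_zalloc`/`os_malloc` (lines 881, 905, 927); if the elided lines in between do not free the old pointer, a certificate that repeats one of those GeneralName types leaks the earlier allocation and silently keeps only the last value. The `os_strlen() != len` rejection of embedded NUL bytes is the right check for the three IA5String types; since tags 0, 3, 4 and 5 are dropped rather than rejected (lines 1014-1017), a comment on the switch saying so would stop a caller from assuming every SAN entry is captured.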
818
1084
static int x509_parse_extension_data(struct x509_certificate *cert,
819
1085
struct asn1_oid *oid,
820
1086
const u8 *pos, size_t len)