author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-16 14:48:59 +0100 |
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-25 12:03:37 +0100 |
commit | 7dc44ad71e3e3c50140b1d6c3ce5c473268b7abd (patch) | |
tree | 934230567ff963789dab4456956f4c9c31de459b /lib/x509/virt-san.c | |
parent | ee7e72a71f0527ca02329fefd18a47ebfe65ffcc (diff) | |
download | gnutls-7dc44ad71e3e3c50140b1d6c3ce5c473268b7abd.tar.gz |
When writing alternative names to certificates ensure we write in ACE format
Diffstat (limited to 'lib/x509/virt-san.c')
-rw-r--r-- | lib/x509/virt-san.c | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/lib/x509/virt-san.c b/lib/x509/virt-san.c
index 83e5414479..c1918af2d4 100644
--- a/lib/x509/virt-san.c
+++ b/lib/x509/virt-san.c
@@ -57,15 +57,40 @@ const char * virtual_to_othername_oid(unsigned type)
 	}
 }
-int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutls_datum_t *san, const char *othername_oid)
+int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutls_datum_t *san, const char *othername_oid, unsigned raw)
 {
 	gnutls_datum_t encoded = {NULL, 0};
+	gnutls_datum_t xmpp = {NULL,0};
 	int ret;
 	if (type < 1000) {
 		name->type = type;
-		name->san.data = san->data;
-		name->san.size = san->size;
+		if (type == GNUTLS_SAN_DNSNAME && !raw) {
+			ret = gnutls_idna_map((char*)san->data, san->size, &name->san, 0);
+			if (ret < 0) {
+				return gnutls_assert_val(ret);
+			}
+			gnutls_free(san->data);
+			san->data = NULL;
+		} else if (type == GNUTLS_SAN_RFC822NAME && !raw) {
+			ret = _gnutls_idna_email_map((char*)san->data, san->size, &name->san);
+			if (ret < 0) {
+				return gnutls_assert_val(ret);
+			}
+			gnutls_free(san->data);
+			san->data = NULL;
+		} else if (type == GNUTLS_SAN_URI && !raw) {
+			if (!_gnutls_str_is_print((char*)san->data, san->size)) {
+				_gnutls_debug_log("non-ASCII URIs are not supported\n");
+				return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+			} else {
+				name->san.data = san->data;
+				name->san.size = san->size;
+			}
+		} else {
+			name->san.data = san->data;
+			name->san.size = san->size;
+		}
 		if (othername_oid) {
 			name->othername_oid.data = (uint8_t *) othername_oid;
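Review bot: The dNSName and rfc822Name branches now free `san->data` after a successful map, so on those paths the caller's buffer is consumed rather than aliased into `name->san`, while the URI and fallback branches still alias it; the ownership contract on `san` therefore differs per branch and nothing in the hunk documents it. `san->size` is also left at its old value after `san->data = NULL;`, so a caller that checks the size afterwards sees a non-empty datum with a NULL pointer; I would add `san->size = 0;` after each `san->data = NULL;`. A header comment on `_gnutls_alt_name_assign_virt_type` should state that `san->data` is released with `gnutls_free` and so must come from the matching allocator, that on success it is either moved into `name->san` or freed and NULLed, and that on error it remains the caller's to free. The new `raw` parameter deserves a one-line description as well, since a non-zero `raw` stores a non-ASCII dNSName or rfc822Name unconverted, which is exactly the output the commit title is meant to prevent. The function body continues past the end of this hunk.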
@@ -83,8 +108,15 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutl
 	switch(type) {
 	case GNUTLS_SAN_OTHERNAME_XMPP:
+
+		ret = gnutls_idna_map((char*)san->data, san->size, &xmpp, 0);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+
 		ret = _gnutls_x509_encode_string(ASN1_ETYPE_UTF8_STRING,
-			san->data, san->size, &encoded);
+			xmpp.data, xmpp.size, &encoded);
+
+		gnutls_free(xmpp.data);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
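Review bot: The XmppAddr branch calls `gnutls_idna_map` unconditionally, whereas the dNSName, rfc822Name and URI branches in the first hunk skip conversion when `raw` is set; if that asymmetry is intended, the case label should carry a comment such as `/* XmppAddr is always IDNA-mapped; the raw flag is not honoured here */`, otherwise the call should be guarded with the same `!raw` test. The `gnutls_free(xmpp.data)` placed before the `if (ret < 0)` check does release the mapped copy on both the success and failure paths of `_gnutls_x509_encode_string`, which is the right order. `_gnutls_alt_name_assign_virt_type` begins before this hunk and continues after it.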