From 86392e5115bb8629b67dbd535359bbc6df30460d Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Wed, 23 Nov 2016 13:12:08 +0100
Subject: IDNA code re-organization That introduces the internal function gnutls_idna_map(), which utilizes libidn and libunistring to convert hostnames to IDNA ACE form.
---
 lib/x509/email-verify.c | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)
(limited to 'lib/x509/email-verify.c')
diff --git a/lib/x509/email-verify.c b/lib/x509/email-verify.c
index e6a3b1773c..a96d5ca192 100644
--- a/lib/x509/email-verify.c
+++ b/lib/x509/email-verify.c
@@ -25,7 +25,6 @@ #include #include "errors.h" #include -#include static int has_embedded_null(const char *str, unsigned size) {
@@ -52,16 +51,19 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, char rfc822name[MAX_CN]; size_t rfc822namesize; int found_rfc822name = 0; - int ret = 0, rc; + int ret = 0; int i = 0; char *a_email; char *a_rfc822name; + gnutls_datum_t out; /* convert the provided email to ACE-Labels domain. */ - rc = idna_to_ascii_8z (email, &a_email, 0); - if (rc != IDNA_SUCCESS) { - _gnutls_debug_log("unable to convert email %s to IDNA format: %s\n", email, idna_strerror (rc)); + ret = gnutls_idna_map(email, strlen(email), &out, 0); + if (ret < 0) { + _gnutls_debug_log("unable to convert email %s to IDNA format\n", email); a_email = (char*)email; + } else { + a_email = (char*)out.data; } /* try matching against: 
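Review bot: The whole address in `email`, local part and `@` included, is passed to `gnutls_idna_map()` in the `-52,16` hunk, although the commit message describes that function as converting hostnames to ACE form. How it treats the text before the `@` is not visible here; if it case-folds or otherwise maps that part, two addresses that differ only in the local part could compare equal in the later `_gnutls_hostname_compare()` calls. Mapping only the text after the last `@` and comparing the local part byte for byte would remove that dependency, and the same applies to the `rfc822name` conversions in the `-92,14` and `-138,16` hunks. If the current call is kept, a comment such as `/* whole address is mapped; gnutls_idna_map() must leave the local part unchanged */` would record the assumption; the function body starts and ends outside this hunk.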
@@ -92,14 +94,16 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, continue; } - rc = idna_to_ascii_8z (rfc822name, &a_rfc822name, 0); - if (rc != IDNA_SUCCESS) { - _gnutls_debug_log("unable to convert rfc822name %s to IDNA format: %s\n", rfc822name, idna_strerror (rc)); + ret = gnutls_idna_map(rfc822name, rfc822namesize, &out, 0); + if (ret < 0) { + _gnutls_debug_log("unable to convert rfc822name %s to IDNA format\n", rfc822name); continue; } + a_rfc822name = (char*)out.data; + ret = _gnutls_hostname_compare(a_rfc822name, strlen(a_rfc822name), a_email, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS); - idn_free(a_rfc822name); + gnutls_free(a_rfc822name); if (ret != 0) { ret = 1;
@@ -138,16 +142,18 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, goto cleanup; } - rc = idna_to_ascii_8z (rfc822name, &a_rfc822name, 0); - if (rc != IDNA_SUCCESS) { - _gnutls_debug_log("unable to convert EMAIL %s to IDNA format: %s\n", rfc822name, idna_strerror (rc)); + ret = gnutls_idna_map (rfc822name, rfc822namesize, &out, 0); + if (ret < 0) { + _gnutls_debug_log("unable to convert EMAIL %s to IDNA format\n", rfc822name); ret = 0; goto cleanup; } + a_rfc822name = (char*)out.data; + ret = _gnutls_hostname_compare(a_rfc822name, strlen(a_rfc822name), a_email, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS); - idn_free(a_rfc822name); + gnutls_free(a_rfc822name); if (ret != 0) { ret = 1;
@@ -160,7 +166,7 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, ret = 0; cleanup: if (a_email != email) { - idn_free(a_email); + gnutls_free(a_email); } return ret; }
--
cgit v1.2.1
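Review bot: Reusing `ret` for the `gnutls_idna_map()` status in the `-92,14` hunk leaves a negative value in `ret` when the failure branch runs `continue`; the old code kept that status in the separate `rc`. The enclosing loop is outside the hunk, but if its condition tests `ret`, a single rfc822name that fails conversion would end the scan before the remaining entries are compared. A dedicated status variable avoids the coupling: keep `int ret = 0, rc;` and write `rc = gnutls_idna_map(rfc822name, rfc822namesize, &out, 0);` followed by `if (rc < 0) {`. The `-138,16` hunk sets `ret = 0` before `goto cleanup`, so it is not affected in the same way.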