Added SAN ("Subject Alternative Name" support

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@159 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2025-08-01 03:47:23 +03:00 · 2009-09-23 12:38:23 +00:00
parent 95e8c7998f
commit 2cedd59384
6 changed files with 166 additions and 8 deletions
--- a/ssl/x509.c
+++ b/ssl/x509.c
@ -147,7 +147,53 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
        x509_ctx->digest = bi_import(bi_ctx, md2_dgst, MD2_SIZE);
    }

-    offset = end_tbs;   /* skip the v3 data */
+    if (cert[offset] == ASN1_V3_DATA)
+    {
+        int suboffset;
+
+        ++offset;
+        get_asn1_length(cert, &offset);
+
+        if ((suboffset = asn1_find_subjectaltname(cert, offset)) > 0)
+        {
+            if (asn1_next_obj(cert, &suboffset, ASN1_OCTET_STRING) > 0)
+            {
+                int altlen;
+
+                if ((altlen = asn1_next_obj(cert, 
+                                            &suboffset, ASN1_SEQUENCE)) > 0)
+                {
+                    int endalt = suboffset + altlen;
+                    int totalnames = 0;
+
+                    while (suboffset < endalt)
+                    {
+                        int type = cert[suboffset++];
+                        int dnslen = get_asn1_length(cert, &suboffset);
+
+                        if (type == ASN1_CONTEXT_DNSNAME)
+                        {
+                            x509_ctx->subject_alt_dnsnames = (char**)
+                                    realloc(x509_ctx->subject_alt_dnsnames, 
+                                       (totalnames + 2) * sizeof(char*));
+                            x509_ctx->subject_alt_dnsnames[totalnames] = 
+                                    (char*)malloc(dnslen + 1);
+                            x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
+                            memcpy(x509_ctx->subject_alt_dnsnames[totalnames], 
+                                    cert + suboffset, dnslen);
+                            x509_ctx->subject_alt_dnsnames[
+                                    totalnames][dnslen] = 0;
+                            ++totalnames;
+                        }
+
+                        suboffset += dnslen;
+                    }
+                }
+            }
+        }
+    }
+
+    offset = end_tbs;   /* skip the rest of v3 data */
    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
            asn1_signature(cert, &offset, x509_ctx))
        goto end_cert;
@ -188,6 +234,7 @@ void x509_free(X509_CTX *x509_ctx)
        free(x509_ctx->cert_dn[i]);
    }

+
    free(x509_ctx->signature);

 #ifdef CONFIG_SSL_CERT_VERIFICATION 
@ -195,6 +242,14 @@ void x509_free(X509_CTX *x509_ctx)
    {
        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
    }
+
+    if (x509_ctx->subject_alt_dnsnames)
+    {
+        for (i = 0; x509_ctx->subject_alt_dnsnames[i]; ++i)
+            free(x509_ctx->subject_alt_dnsnames[i]);
+
+        free(x509_ctx->subject_alt_dnsnames);
+    }
 #endif

    RSA_free(x509_ctx->rsa_ctx);