Merge pull request #7025 from AndrzejKurek/uri_san

Add the uniformResourceIdentifier subtype for the subjectAltName
2025-07-29 11:41:15 +03:00 · 2023-02-20 11:29:59 +01:00
parent e2a9f86755 81b0b89a34
commit 718eb4f190
10 changed files with 109 additions and 6 deletions
--- a/library/x509.c
+++ b/library/x509.c
@ -1227,8 +1227,9 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
 *      nameAssigner            [0]     DirectoryString OPTIONAL,
 *      partyName               [1]     DirectoryString }
 *
- * NOTE: we list all types, but only use dNSName and otherName
- * of type HwModuleName, as defined in RFC 4108, at this point.
+ * We list all types, but use the following GeneralName types from RFC 5280:
+ * "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+ * of type "otherName", as defined in RFC 4108.
 */
 int mbedtls_x509_get_subject_alt_name(unsigned char **p,
                                      const unsigned char *end,
@ -1397,7 +1398,19 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,

        }
        break;
+        /*
+         * uniformResourceIdentifier
+         */
+        case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER):
+        {
+            memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
+            san->type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;

+            memcpy(&san->san.unstructured_name,
+                   san_buf, sizeof(*san_buf));
+
+        }
+        break;
        /*
         * dNSName
         */
@ -1488,7 +1501,23 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
                }/* MBEDTLS_OID_ON_HW_MODULE_NAME */
            }
            break;
+            /*
+             * uniformResourceIdentifier
+             */
+            case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
+            {
+                ret = mbedtls_snprintf(p, n, "\n%s    uniformResourceIdentifier : ", prefix);
+                MBEDTLS_X509_SAFE_SNPRINTF;
+                if (san.san.unstructured_name.len >= n) {
+                    *p = '\0';
+                    return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+                }

+                memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len);
+                p += san.san.unstructured_name.len;
+                n -= san.san.unstructured_name.len;
+            }
+            break;
            /*
             * dNSName
             */