authorJouni Malinen <j@w1.fi>2015-12-17 09:27:31 (GMT)
committerJouni Malinen <j@w1.fi>2015-12-17 09:28:38 (GMT)
commit8e3271dcd1086a0ed40e1f019abb0699f6d24af6 (patch)
tree3f125e44f28280152ded65206b5c4a0e14b19ed9
parent32ce69092e03f59229dec1bcc32c2cd591982f78 (diff)
TLS: Store DER encoded version of Subject DN for X.509 certificates
This is needed for OCSP issuerNameHash matching. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/tls/x509v3.c8
-rw-r--r--src/tls/x509v3.h2
2 files changed, 10 insertions, 0 deletions
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index c8085c9..5521390 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -55,6 +55,7 @@ void x509_certificate_free(struct x509_certificate *cert)
x509_free_name(&cert->subject);
os_free(cert->public_key);
os_free(cert->sign_value);
+ os_free(cert->subject_dn);
os_free(cert);
}
@@ -1435,8 +1436,15 @@ static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
return -1;
/* subject Name */
+ const u8 *subject_dn;
+ subject_dn = pos;
if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
return -1;
+ cert->subject_dn = os_malloc(pos - subject_dn);
+ if (!cert->subject_dn)
+ return -1;
+ cert->subject_dn_len = pos - subject_dn;
+ os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len);
x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
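Review bot: As this hunk shows it, `const u8 *subject_dn;` is declared directly under the `/* subject Name */` comment, after the preceding `return -1;` statement, so it is a mid-block declaration. The start of x509_parse_tbs_certificate is outside the hunk, but if the function keeps its locals at the top (as the use of `sbuf` here suggests), the declaration belongs there with them. It would also help to say why the raw bytes are kept next to the parsed `cert->subject`, for example `/* keep the Name exactly as encoded in the certificate for OCSP issuerNameHash matching */` above `subject_dn = pos;`. The hash comparison only works on the bytes as received, and a later cleanup could otherwise replace the copy with a re-encoding.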
diff --git a/src/tls/x509v3.h b/src/tls/x509v3.h
index 3e97313..dcdb4a3 100644
--- a/src/tls/x509v3.h
+++ b/src/tls/x509v3.h
@@ -55,6 +55,8 @@ struct x509_certificate {
struct x509_algorithm_identifier signature;
struct x509_name issuer;
struct x509_name subject;
+ u8 *subject_dn;
+ size_t subject_dn_len;
os_time_t not_before;
os_time_t not_after;
struct x509_algorithm_identifier public_key_alg;
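Review bot: The two new members of struct x509_certificate have no comment, so the header does not say that `subject_dn` is a heap buffer owned by the certificate. I would annotate them as `u8 *subject_dn; /* subject Name as encoded in the certificate; freed in x509_certificate_free() */` and `size_t subject_dn_len; /* length of subject_dn in octets */`. The ownership matters to any code that copies the struct by value or builds one outside the parser, because both copies would then hold the same pointer; no such code is visible in this diff, so that is worth a quick check. The struct definition continues outside the hunk.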