TLS: Store DER encoded version of Subject DN for X.509 certificates

This is needed for OCSP issuerNameHash matching.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2015-12-17 11:27:31 +02:00
parent 32ce69092e
commit 8e3271dcd1
2 changed files with 10 additions and 0 deletions


@ -55,6 +55,7 @@ void x509_certificate_free(struct x509_certificate *cert)
x509_free_name(&cert->subject);
os_free(cert->public_key);
os_free(cert->sign_value);
os_free(cert->subject_dn);
os_free(cert);
}
@ -1435,8 +1436,15 @@ static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
return -1;
/* subject Name */
const u8 *subject_dn;
subject_dn = pos;
if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
return -1;
cert->subject_dn = os_malloc(pos - subject_dn);
if (!cert->subject_dn)
return -1;
cert->subject_dn_len = pos - subject_dn;
os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len);
x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
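Review bot: The copy into `cert->subject_dn` has no comment saying that these are the subject Name bytes exactly as they appeared in the certificate, which is the property the OCSP issuerNameHash matching named in the commit message depends on. A hash comparison only works over the original encoding, so a later refactor that rebuilds the bytes from the parsed `cert->subject` could silently break matching; above the `os_malloc()` line I would add `/* Keep the subject Name exactly as encoded in the certificate (the bytes x509_parse_name() consumed); OCSP issuerNameHash is computed over these bytes, so do not re-encode */`. The new `return -1` after a failed `os_malloc()` is silent as far as this hunk shows, so in the debug log an out-of-memory condition looks the same as a malformed certificate; a `wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for subject DN");` before it would help triage. The body of x509_parse_tbs_certificate starts and ends outside this hunk, so whether the caller releases the partially filled certificate on this path is not visible here.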


@ -55,6 +55,8 @@ struct x509_certificate {
struct x509_algorithm_identifier signature;
struct x509_name issuer;
struct x509_name subject;
u8 *subject_dn;
size_t subject_dn_len;
os_time_t not_before;
os_time_t not_after;
struct x509_algorithm_identifier public_key_alg;
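Review bot: The two new members have no comment stating what `subject_dn` holds or who owns it, and the struct definition is where a reader of the OCSP code will look first. I would write `u8 *subject_dn; /* DER encoding of the subject Name as received; allocated by the parser, freed in x509_certificate_free() */` and `size_t subject_dn_len; /* length of subject_dn in bytes */`. It is also worth recording there that RFC 6960 defines issuerNameHash over the issuer field of the certificate being checked, so if the consumer hashes the issuer certificate's stored subject instead, the values agree only when both fields carry byte-identical encodings. That is presumably the normal case, but a mismatch should be treated as a failed match and not as a reason to skip the revocation check. The struct definition continues outside this hunk.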