X.509: Add parsing of alternative name to internal TLS implementation

The alternative name extensions are now parsed, but the actual values are not yet used for alt. subject name matching.
2009-06-11 23:47:35 +03:00 · 2009-06-11 23:47:35 +03:00 · efe22727da
commit efe22727da
parent 4625a47f4b
4 changed files with 254 additions and 16 deletions
--- a/src/tls/x509v3.h
+++ b/src/tls/x509v3.h
@ -29,6 +29,14 @@ struct x509_name {
 	char *o; /* organizationName */
 	char *ou; /* organizationalUnitName */
 	char *email; /* emailAddress */
+
+	/* from alternative name extension */
+	char *alt_email; /* rfc822Name */
+	char *dns; /* dNSName */
+	char *uri; /* uniformResourceIdentifier */
+	u8 *ip; /* iPAddress */
+	size_t ip_len; /* IPv4: 4, IPv6: 16 */
+	struct asn1_oid rid; /* registeredID */
 };

 struct x509_certificate {
@ -52,6 +60,8 @@ struct x509_certificate {
 #define X509_EXT_BASIC_CONSTRAINTS		(1 << 0)
 #define X509_EXT_PATH_LEN_CONSTRAINT		(1 << 1)
 #define X509_EXT_KEY_USAGE			(1 << 2)
+#define X509_EXT_SUBJECT_ALT_NAME		(1 << 3)
+#define X509_EXT_ISSUER_ALT_NAME		(1 << 4)

 	/* BasicConstraints */
 	int ca; /* cA */