TLS: Store DER encoded version of Subject DN for X.509 certificates

This is needed for OCSP issuerNameHash matching. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 11:27:31 +02:00 · 2015-12-17 11:27:31 +02:00 · 8e3271dcd1
parent 32ce69092e
commit 8e3271dcd1
2 changed files with 10 additions and 0 deletions
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@ -55,6 +55,7 @@ void x509_certificate_free(struct x509_certificate *cert)
 	x509_free_name(&cert->subject);
 	os_free(cert->public_key);
 	os_free(cert->sign_value);
+	os_free(cert->subject_dn);
 	os_free(cert);
 }

@ -1435,8 +1436,15 @@ static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
 		return -1;

 	/* subject Name */
+	const u8 *subject_dn;
+	subject_dn = pos;
 	if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
 		return -1;
+	cert->subject_dn = os_malloc(pos - subject_dn);
+	if (!cert->subject_dn)
+		return -1;
+	cert->subject_dn_len = pos - subject_dn;
+	os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len);
 	x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
 	wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);

--- a/src/tls/x509v3.h
+++ b/src/tls/x509v3.h
@ -55,6 +55,8 @@ struct x509_certificate {
 	struct x509_algorithm_identifier signature;
 	struct x509_name issuer;
 	struct x509_name subject;
+	u8 *subject_dn;
+	size_t subject_dn_len;
 	os_time_t not_before;
 	os_time_t not_after;
 	struct x509_algorithm_identifier public_key_alg;