Only fields known to OpenSSL have a NID. OBJ_txt2obj allows specifying
fields by numeric OID.
Signed-off-by: Hristo Venev <hristo@venev.name>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <1493853048.30207.1.camel@venev.name>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14535.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
... | ... |
@@ -191,16 +191,24 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, |
191 | 191 |
X509_NAME_ENTRY *x509ne = 0; |
192 | 192 |
ASN1_STRING *asn1 = 0; |
193 | 193 |
unsigned char *buf = NULL; |
194 |
- int nid = OBJ_txt2nid(field_name); |
|
194 |
+ ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0); |
|
195 |
+ |
|
196 |
+ if (field_name_obj == NULL) |
|
197 |
+ { |
|
198 |
+ msg(D_TLS_ERRORS, "Invalid X509 attribute name '%s'", field_name); |
|
199 |
+ return FAILURE; |
|
200 |
+ } |
|
195 | 201 |
|
196 | 202 |
ASSERT(size > 0); |
197 | 203 |
*out = '\0'; |
198 | 204 |
do |
199 | 205 |
{ |
200 | 206 |
lastpos = tmp; |
201 |
- tmp = X509_NAME_get_index_by_NID(x509, nid, lastpos); |
|
207 |
+ tmp = X509_NAME_get_index_by_OBJ(x509, field_name_obj, lastpos); |
|
202 | 208 |
} while (tmp > -1); |
203 | 209 |
|
210 |
+ ASN1_OBJECT_free(field_name_obj); |
|
211 |
+ |
|
204 | 212 |
/* Nothing found */ |
205 | 213 |
if (lastpos == -1) |
206 | 214 |
{ |
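Review bot: The new `return FAILURE` for an unparseable field name runs before `ASSERT(size > 0)` and `*out = '\0'`, so on that path `out` is returned unwritten, whereas the other failure path visible here (`/* Nothing found */`) is reached only after `out` has been set to the empty string. Callers are not visible on this page, so whether any of them reads `out` after a FAILURE is unconfirmed, but a certificate-field extractor is safer when every exit leaves the buffer terminated. Placing `ASSERT(size > 0);` and `*out = '\0';` directly above the `if (field_name_obj == NULL)` check restores that guarantee without changing the lookup. The function body starts before and continues after this hunk.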