Browse code
Fix extract_x509_field_ssl for external objects, v2
Only fields known to OpenSSL have a NID. OBJ_txt2obj allows specifying
fields by numeric OID.
Signed-off-by: Hristo Venev <hristo@venev.name>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <1493853048.30207.1.camel@venev.name>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14535.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Hristo Venev authored on 2017/05/04 08:10:48Showing 1 changed files
| ... | ... |
@@ -191,16 +191,24 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, |
| 191 | 191 |
X509_NAME_ENTRY *x509ne = 0; |
| 192 | 192 |
ASN1_STRING *asn1 = 0; |
| 193 | 193 |
unsigned char *buf = NULL; |
| 194 |
- int nid = OBJ_txt2nid(field_name); |
|
| 194 |
+ ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0); |
|
| 195 |
+ |
|
| 196 |
+ if (field_name_obj == NULL) |
|
| 197 |
+ {
|
|
| 198 |
+ msg(D_TLS_ERRORS, "Invalid X509 attribute name '%s'", field_name); |
|
| 199 |
+ return FAILURE; |
|
| 200 |
+ } |
|
| 195 | 201 |
|
| 196 | 202 |
ASSERT(size > 0); |
| 197 | 203 |
*out = '\0'; |
| 198 | 204 |
do |
| 199 | 205 |
{
|
| 200 | 206 |
lastpos = tmp; |
| 201 |
- tmp = X509_NAME_get_index_by_NID(x509, nid, lastpos); |
|
| 207 |
+ tmp = X509_NAME_get_index_by_OBJ(x509, field_name_obj, lastpos); |
|
| 202 | 208 |
} while (tmp > -1); |
| 203 | 209 |
|
| 210 |
+ ASN1_OBJECT_free(field_name_obj); |
|
| 211 |
+ |
|
| 204 | 212 |
/* Nothing found */ |
| 205 | 213 |
if (lastpos == -1) |
| 206 | 214 |
{
|