oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Don't issue certs with subject DN that is NULL and have no SANs

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19876 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-01-12 22:46:52 +00:00
parent f978746627
commit 63d4fbb416
1 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
lib/hx509/ca.c
View File

@@ -484,16 +484,25 @@ ca_sign(hx509_context context,
hx509_set_error_string(context, 0, ret, "No public key set"); hx509_set_error_string(context, 0, ret, "No public key set");
return ret; return ret;
} }
if (tbs->subject == NULL && !tbs->flags.proxy) { /*
ret = EINVAL; * Don't put restrictions on proxy certificate's subject name, it
hx509_set_error_string(context, 0, ret, "No subject name set"); * will be generated below.
return ret; */
if (!tbs->flags.proxy) {
if (tbs->subject == NULL) {
hx509_set_error_string(context, 0, EINVAL, "No subject name set");
return EINVAL;
}
if (hx509_name_is_null_p(tbs->subject) && tbs->san.len == 0) {
hx509_set_error_string(context, 0, EINVAL,
"NULL subject and no SubjectAltNames");
return EINVAL;
}
} }
if (tbs->flags.ca && tbs->flags.proxy) { if (tbs->flags.ca && tbs->flags.proxy) {
ret = EINVAL; hx509_set_error_string(context, 0, EINVAL, "Can't be proxy and CA "
hx509_set_error_string(context, 0, ret, "Can't be proxy and CA "
"at the same time"); "at the same time");
return ret; return EINVAL;
} }
if (tbs->flags.proxy) { if (tbs->flags.proxy) {
if (tbs->san.len > 0) { if (tbs->san.len > 0) {