oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Try handle name constraints a little bit better.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16740 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-02-14 11:36:00 +00:00
parent 43470798fb
commit cc053da651
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/hx509/cert.c
View File

@@ -293,7 +293,7 @@ find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
for (;*idx < c->extensions->len; (*idx)++) { for (;*idx < c->extensions->len; (*idx)++) {
if (heim_oid_cmp(&c->extensions->val[*idx].extnID, oid) == 0) if (heim_oid_cmp(&c->extensions->val[*idx].extnID, oid) == 0)
return &c->extensions->val[*idx]; return &c->extensions->val[(*idx)++];
} }
return NULL; return NULL;
} }
@@ -907,16 +907,15 @@ match_RDN(const RelativeDistinguishedName *c,
static int static int
match_X501Name(const Name *c, const Name *n) match_X501Name(const Name *c, const Name *n)
{ {
int i, j, ret; int i, ret;
if (c->element != choice_Name_rdnSequence if (c->element != choice_Name_rdnSequence
|| n->element != choice_Name_rdnSequence) || n->element != choice_Name_rdnSequence)
return 0; return 0;
if (c->u.rdnSequence.len > n->u.rdnSequence.len) if (c->u.rdnSequence.len > n->u.rdnSequence.len)
return HX509_NAME_CONSTRAINT_ERROR; return HX509_NAME_CONSTRAINT_ERROR;
for (i = c->u.rdnSequence.len - 1, j = n->u.rdnSequence.len - 1; for (i = 0; i < c->u.rdnSequence.len; i++) {
i >= 0; i--, j--) { ret = match_RDN(&c->u.rdnSequence.val[i], &n->u.rdnSequence.val[i]);
ret = match_RDN(&c->u.rdnSequence.val[i], &c->u.rdnSequence.val[j]);
if (ret) if (ret)
return ret; return ret;
} }
@@ -927,6 +926,10 @@ match_X501Name(const Name *c, const Name *n)
static int static int
match_general_name(const GeneralName *c, const GeneralName *n) match_general_name(const GeneralName *c, const GeneralName *n)
{ {
/*
* Name constraints only apply to the same name type, see RFC3280,
* 4.2.1.11.
*/
if (c->element != n->element) if (c->element != n->element)
return 0; return 0;
@@ -1041,7 +1044,7 @@ match_tree(const GeneralSubtrees *t, const Certificate *c, int *match)
for (i = 0; i < t->len; i++) { for (i = 0; i < t->len; i++) {
if (t->val[i].minimum && t->val[i].maximum) if (t->val[i].minimum && t->val[i].maximum)
return HX509_RANGE; return HX509_RANGE;
if (match_name(&t->val[i].base, c)) if (match_name(&t->val[i].base, c) == 0)
*match = 1; *match = 1;
} }
return 0; return 0;