oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hx509: Add hx509_ca_tbs_get_name()

Browse Source 
This is so we can check if a TBS gets an empty subject name, then refuse
to issue the certificate if it doesn't also have at least one SAN.
This commit is contained in:
Nicolas Williams
2019-11-06 11:08:00 -06:00
parent 12826c9586
commit fce3f16859
3 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/hx509/ca.c
View File

@@ -997,6 +997,23 @@ hx509_ca_tbs_subject_expand(hx509_context context,
return hx509_name_expand(context, tbs->subject, env); return hx509_name_expand(context, tbs->subject, env);
} }
/**
* Get the name of a to-be-signed certificate object.
*
* @param context A hx509 context.
* @param tbs object to be signed.
*
* @return An hx509 name.
*
* @ingroup hx509_ca
*/
HX509_LIB_FUNCTION hx509_name HX509_LIB_CALL
hx509_ca_tbs_get_name(hx509_ca_tbs tbs)
{
return tbs->subject;
}
/** /**
* Set signature algorithm on the to be signed certificate * Set signature algorithm on the to be signed certificate
* *

1
lib/hx509/libhx509-exports.def
View File

@@ -70,6 +70,7 @@ EXPORTS
hx509_ca_tbs_add_san_pkinit hx509_ca_tbs_add_san_pkinit
hx509_ca_tbs_add_san_rfc822name hx509_ca_tbs_add_san_rfc822name
hx509_ca_tbs_free hx509_ca_tbs_free
hx509_ca_tbs_get_name
hx509_ca_tbs_init hx509_ca_tbs_init
hx509_ca_tbs_set_ca hx509_ca_tbs_set_ca
hx509_ca_tbs_set_domaincontroller hx509_ca_tbs_set_domaincontroller

1
lib/hx509/version-script.map
View File

@@ -50,6 +50,7 @@ HEIMDAL_X509_1.2 {
hx509_ca_tbs_add_san_pkinit; hx509_ca_tbs_add_san_pkinit;
hx509_ca_tbs_add_san_rfc822name; hx509_ca_tbs_add_san_rfc822name;
hx509_ca_tbs_free; hx509_ca_tbs_free;
hx509_ca_tbs_get_name;
hx509_ca_tbs_init; hx509_ca_tbs_init;
hx509_ca_tbs_set_ca; hx509_ca_tbs_set_ca;
hx509_ca_tbs_set_domaincontroller; hx509_ca_tbs_set_domaincontroller;