diff options
| author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-10-28 05:38:55 +0000 |
|---|---|---|
| committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-10-28 05:38:55 +0000 |
| commit | 0c22645cba14dd6bf91a732f32c37cf65db63a53 (patch) | |
| tree | 0944a6cbb48e9e145964fe09dec2a15ccfe99143 | |
| parent | 3cd37fc03d244121c2bcc286e3412be04dbc894b (diff) | |
| download | openvpn-0c22645cba14dd6bf91a732f32c37cf65db63a53.tar.gz openvpn-0c22645cba14dd6bf91a732f32c37cf65db63a53.tar.xz openvpn-0c22645cba14dd6bf91a732f32c37cf65db63a53.zip | |
Save X509 Subject fields to environment, using the naming convention:
X509_{cert_depth}_{name}={value}
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3459 e7ae566f-a301-0410-adde-c780ea21d3b5
| -rw-r--r-- | ssl.c | 54 |
1 files changed, 54 insertions, 0 deletions
@@ -392,6 +392,57 @@ extract_x509_field_ssl (X509_NAME *x509, const char *field_name, char *out, int } } +/* + * Save X509 fields to environment, using the naming convention: + * + * X509_{cert_depth}_{name}={value} + */ +static void +setenv_x509 (struct env_set *es, const int error_depth, X509_NAME *x509) +{ + int i, n; + int fn_nid; + ASN1_OBJECT *fn; + ASN1_STRING *val; + X509_NAME_ENTRY *ent; + const char *objbuf; + unsigned char *buf; + char *name_expand; + size_t name_expand_size; + + n = X509_NAME_entry_count (x509); + for (i = 0; i < n; ++i) + { + ent = X509_NAME_get_entry (x509, i); + if (!ent) + continue; + fn = X509_NAME_ENTRY_get_object (ent); + if (!fn) + continue; + val = X509_NAME_ENTRY_get_data (ent); + if (!val) + continue; + fn_nid = OBJ_obj2nid (fn); + if (fn_nid == NID_undef) + continue; + objbuf = OBJ_nid2sn (fn_nid); + if (!objbuf) + continue; + buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ + if (ASN1_STRING_to_UTF8 (&buf, val) <= 0) + continue; + name_expand_size = 64 + strlen (objbuf); + name_expand = (char *) malloc (name_expand_size); + check_malloc_return (name_expand); + openvpn_snprintf (name_expand, name_expand_size, "X509_%d_%s", error_depth, objbuf); + string_mod (name_expand, CC_PRINT, CC_CRLF, '_'); + string_mod ((char*)buf, CC_PRINT, CC_CRLF, '_'); + setenv_str (es, name_expand, (char*)buf); + free (name_expand); + OPENSSL_free (buf); + } +} + static void setenv_untrusted (struct tls_session *session) { @@ -564,6 +615,9 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) goto err; } + /* Save X509 fields in environment */ + setenv_x509 (opt->es, ctx->error_depth, X509_get_subject_name (ctx->current_cert)); + /* enforce character class restrictions in X509 name */ string_mod (subject, X509_NAME_CHAR_CLASS, 0, '_'); string_replace_leading (subject, '-', '_'); |