From 0b2e858a42e6ca49e68570c9b13ede74493e48db Mon Sep 17 00:00:00 2001
From: Rainer Gerhards
Date: Wed, 21 May 2008 18:18:20 +0200
Subject: added code to pull the subjectAltName - dNSName
---
 runtime/netstrms.c | 1 -
 runtime/nsd_gtls.c | 25 +++++++++++++++++++++++--
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/runtime/netstrms.c b/runtime/netstrms.c
index b060d5c2..2b754ecc 100644
--- a/runtime/netstrms.c
+++ b/runtime/netstrms.c
@@ -174,7 +174,6 @@ SetDrvrAuthMode(netstrms_t *pThis, uchar *mode)
 {
 DEFiRet;
 ISOBJ_TYPE_assert(pThis, netstrms);
-RUNLOG_VAR("%s", mode);
 CHKmalloc(pThis->pszDrvrAuthMode = (uchar*)strdup((char*)mode));
 finalize_it:
 RETiRet;
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index b5431a2c..525a6374 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -94,6 +94,9 @@ gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 cstr_t *pStr = NULL;
 int gnuRet;
 DEFiRet;
+ unsigned iAltName;
+ char szAltName[1024]; /* this is sufficient for the DNSNAME... */
+ size_t szAltNameLen;
 assert(ppStr != NULL);
 ISOBJ_TYPE_assert(pThis, nsd_gtls);
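Review bot: The fixed `char szAltName[1024]` only holds if every subjectAltName entry of the peer-supplied certificate fits in it, because the loop added in the next hunk of nsd_gtls.c passes this one buffer for entries of every SAN type and leaves on any negative return. A single oversized entry, which GnuTLS reports as `GNUTLS_E_SHORT_MEMORY_BUFFER`, therefore ends the walk and any dNSName entries after it are silently never reported. I would skip such an entry instead of stopping, with `if(gnuRet == GNUTLS_E_SHORT_MEMORY_BUFFER) { ++iAltName; continue; }` placed before the `if(gnuRet < 0) break;`, and reword the comment to `/* large enough for any valid dNSName; longer SAN entries are skipped */`. gtlsGetCertInfo's body starts and ends outside this hunk.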
@@ -144,10 +147,28 @@ gtlsGetCertInfo(nsd_gtls_t *pThis, cstr_t **ppStr)
 size = sizeof(dn);
 gnutls_x509_crt_get_issuer_dn( cert, dn, &size);
- snprintf((char*)lnBuf, sizeof(lnBuf), "Issuer DN: %s", dn);
+ snprintf((char*)lnBuf, sizeof(lnBuf), "Issuer DN: %s; ", dn);
 CHKiRet(rsCStrAppendStr(pStr, lnBuf));
- gnutls_x509_crt_deinit( cert);
+ /* dNSName alt name */
+ iAltName = 0;
+ while(1) { /* loop broken below */
+ szAltNameLen = sizeof(szAltName);
+ gnuRet = gnutls_x509_crt_get_subject_alt_name(cert, iAltName,
+ szAltName, &szAltNameLen, NULL);
+ if(gnuRet < 0)
+ break;
+ else if(gnuRet == GNUTLS_SAN_DNSNAME) {
+ /* we found it! */
+ snprintf((char*)lnBuf, sizeof(lnBuf), "SAN:DNSname: %s; ", szAltName);
+ CHKiRet(rsCStrAppendStr(pStr, lnBuf));
+ /* do NOT break, because there may be multiple dNSName's! */
+ }
+ ++iAltName;
+ }
+
+
+ gnutls_x509_crt_deinit(cert);
 }
 CHKiRet(rsCStrFinish(pStr));
-- cgit
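Review bot: In the `GNUTLS_SAN_DNSNAME` branch `szAltName` is formatted with `%s` while the length returned in `szAltNameLen` is never examined, so a dNSName carrying an embedded NUL byte would be reported cut off at the NUL and read as a different name than the certificate actually contains. Since this string describes a peer-supplied certificate, compare the two before formatting, e.g. `if(strlen(szAltName) != szAltNameLen) /* flag the entry as malformed instead of printing it */`; whether the returned size counts the terminator should be confirmed against the GnuTLS version in use. The value also goes into the `; `-separated line unescaped, so a name containing `; SAN:DNSname: ` can imitate a further entry; quoting or escaping it keeps the fields unambiguous. The `CHKiRet` inside the loop presumably jumps to `finalize_it`, which is outside this hunk, before `gnutls_x509_crt_deinit(cert)` runs, so it is worth checking that the certificate is released on that path.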