cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-30 08:56:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

Adapt cert_req app to support SAN IP

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-02-14 13:05:24 +01:00
parent f40de93b1a
commit 3a92593d1e
1 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
programs/x509/cert_req.c
View File

@ -67,7 +67,7 @@ int main(void)
" Comma-separated-list of values:\n" \ " Comma-separated-list of values:\n" \
" DNS:value\n" \ " DNS:value\n" \
" URI:value\n" \ " URI:value\n" \
" OTHER:value\n" \ " IP:value\n" \
" key_usage=%%s default: (empty)\n" \ " key_usage=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \ " Comma-separated-list of values:\n" \
" digital_signature\n" \ " digital_signature\n" \
@ -114,6 +114,19 @@ struct options {
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt; } opt;
static int ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
{
for (int i = 0; i < maxBytes; i++) {
bytes[i] = strtoul(str, NULL, 16);
str = strchr(str, '.');
if (str == NULL || *str == '\0') {
break;
}
str++;
}
return 0;
}
int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng) void *p_rng)
@ -157,6 +170,7 @@ int main(int argc, char *argv[])
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "csr example app"; const char *pers = "csr example app";
mbedtls_x509_san_list *cur, *prev; mbedtls_x509_san_list *cur, *prev;
uint8_t ip[4];
/* /*
* Set to sane values * Set to sane values
@ -229,17 +243,22 @@ usage:
cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
} else if (strcmp(q, "DNS") == 0) { } else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "OTHER") == 0) { } else if (strcmp(q, "IP") == 0) {
cur->node.type = MBEDTLS_X509_SAN_OTHER_NAME; cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
ip_string_to_bytes(r2, ip, 4);
} else { } else {
mbedtls_free(cur); mbedtls_free(cur);
goto usage; goto usage;
} }
if (strcmp(q, "IP") == 0) {
cur->node.name = (char *) ip;
cur->node.len = sizeof(ip);
} else {
q = r2; q = r2;
cur->node.name = q; cur->node.name = q;
cur->node.len = strlen(q); cur->node.len = strlen(q);
}
if (prev == NULL) { if (prev == NULL) {
opt.san_list = cur; opt.san_list = cur;