From: Alan T. DeKok
Date: Tue, 7 Sep 2010 15:07:13 +0000 (+0200)
Subject: Minor fixes as suggested by Michael Ross
X-Git-Tag: release_3_0_0_beta0~1270
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=freeradius.git;a=commitdiff_plain;h=954d0c996c4fa301eaf83f316c7e3d1bb33dc0a1
Minor fixes as suggested by Michael Ross
- fix typo in Expiraton
- sprintf of serial was using the start of the buffer, and not the pointer
- use names for array references, rather than hard-coded numbers
- correct reference to issuer/subject
---
diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
index a2086d6..6b0052a 100644
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -228,12 +228,17 @@ static SSL_SESSION *cbtls_get_session(UNUSED SSL *s,
 */
 static const char *cert_attr_names[5][2] = {
 { "TLS-Client-Cert-Serial", "TLS-Cert-Serial" },
- { "TLS-Client-Cert-Expiration", "TLS-Cert-Expiraton" },
- { "TLS-Client-Cert-Issuer", "TLS-Cert-Issuer" },
+ { "TLS-Client-Cert-Expiration", "TLS-Cert-Expiration" },
 { "TLS-Client-Cert-Subject", "TLS-Cert-Subject" },
+ { "TLS-Client-Cert-Issuer", "TLS-Cert-Issuer" },
 { "TLS-Client-Cert-Common-Name", "TLS-Cert-Common-Name" }
 };
+#define EAPTLS_SERIAL (0)
+#define EAPTLS_EXPIRATION (1)
+#define EAPTLS_SUBJECT (2)
+#define EAPTLS_ISSUER (3)
+#define EAPTLS_CN (4)
 /*
 * Before trusting a certificate, you must make sure that the
@@ -303,11 +308,11 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 int i;
 for (i = 0; i < sn->length; i++) {
- sprintf(buf, "%02x", (unsigned int)sn->data[i]);
+ sprintf(p, "%02x", (unsigned int)sn->data[i]);
 p += 2;
 }
 pairadd(&handler->certs,
- pairmake(cert_attr_names[0][lookup], buf, T_OP_SET));
+ pairmake(cert_attr_names[EAPTLS_SERIAL][lookup], buf, T_OP_SET));
 }
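Review bot: In the cert_attr_names hunk (@@ -228,12 +228,17 @@), the EAPTLS_* indices are plain #defines placed below the table, so nothing ties a row's position to its name; the Subject/Issuer swap this commit corrects is exactly the mistake that arrangement permits. Designated initializers would bind each row to its index, e.g. `[EAPTLS_ISSUER] = { "TLS-Client-Cert-Issuer", "TLS-Cert-Issuer" },` (if the project's compiler baseline allows C99), and an `enum` ending in a count member could replace the literal `5` in the array bound. A mismatched row puts the issuer DN into the subject attribute, which matters if any policy keys on those attributes. A short comment above the defines, such as `/* Row indices into cert_attr_names; keep in step with the table. */`, would also help.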
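Review bot: In the serial-number loop of cbtls_verify (@@ -303,11 +308,11 @@), the corrected `sprintf(p, ...)` now writes 2 * sn->length + 1 bytes into `buf`, where the old code only ever touched its first three, and neither the size of `buf` nor a check of `sn->length` against it is visible in the hunk. The length comes from the certificate being verified, so the enclosing condition (outside the hunk) should be confirmed to bound it by the buffer size; assuming `buf` is a local array, a write that carries its own limit, `snprintf(p, sizeof(buf) - (size_t)(p - buf), "%02x", (unsigned int)sn->data[i]);`, keeps the loop safe even if that guard changes later. The same applies to the `memcpy(buf, (char*) asn_time->data, asn_time->length)` context line at the top of the @@ -320,7 +325,7 @@ hunk: its length check is likewise outside the hunk and should be `asn_time->length < sizeof(buf)`, since `buf[asn_time->length]` is written too. If `sn->length` can be zero the loop leaves `buf` unwritten before it reaches `pairmake`, so an up-front `buf[0] = '\0';` is worth confirming as well.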
@@ -320,7 +325,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 memcpy(buf, (char*) asn_time->data, asn_time->length);
 buf[asn_time->length] = '\0';
 pairadd(&handler->certs,
- pairmake(cert_attr_names[1][lookup], buf, T_OP_SET));
+ pairmake(cert_attr_names[EAPTLS_EXPIRATION][lookup], buf, T_OP_SET));
 }
 /*
@@ -332,7 +337,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 subject[sizeof(subject) - 1] = '\0';
 if (subject[0] && (strlen(subject) < MAX_STRING_LEN)) {
 pairadd(&handler->certs,
- pairmake(cert_attr_names[2][lookup], subject, T_OP_SET));
+ pairmake(cert_attr_names[EAPTLS_SUBJECT][lookup], subject, T_OP_SET));
 }
 X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer,
@@ -340,7 +345,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 issuer[sizeof(issuer) - 1] = '\0';
 if (issuer[0] && (strlen(issuer) < MAX_STRING_LEN)) {
 pairadd(&handler->certs,
- pairmake(cert_attr_names[3][lookup], issuer, T_OP_SET));
+ pairmake(cert_attr_names[EAPTLS_ISSUER][lookup], issuer, T_OP_SET));
 }
 /*
@@ -351,7 +356,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 common_name[sizeof(common_name) - 1] = '\0';
 if (common_name[0] && (strlen(common_name) < MAX_STRING_LEN)) {
 pairadd(&handler->certs,
- pairmake(cert_attr_names[4][lookup], common_name, T_OP_SET));
+ pairmake(cert_attr_names[EAPTLS_CN][lookup], common_name, T_OP_SET));
 }
 if (!my_ok) {