log.debug("unable to match subjectAltName, trying TLS CN match");
// Fetch the last CN RDN.
- char* peer_CN = NULL;\r
- int j,i = -1;\r
- while ((j=X509_NAME_get_index_by_NID(subject, NID_commonName, i)) >= 0)\r
- i = j;\r
- if (i >= 0) {\r
- ASN1_STRING* tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject, i));\r
- // Copied in from libcurl.\r
- /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input\r
- is already UTF-8 encoded. We check for this case and copy the raw\r
- string manually to avoid the problem. */\r
- if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {\r
- j = ASN1_STRING_length(tmp);\r
- if(j >= 0) {\r
- peer_CN = (char*)OPENSSL_malloc(j + 1);\r
- memcpy(peer_CN, ASN1_STRING_data(tmp), j);\r
- peer_CN[j] = '\0';\r
- }\r
- }\r
- else /* not a UTF8 name */ {\r
- j = ASN1_STRING_to_UTF8(reinterpret_cast<unsigned char**>(&peer_CN), tmp);\r
- }\r
-\r
+ char* peer_CN = NULL;
+ int j,i = -1;
+ while ((j=X509_NAME_get_index_by_NID(subject, NID_commonName, i)) >= 0)
+ i = j;
+ if (i >= 0) {
+ ASN1_STRING* tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject, i));
+ // Copied in from libcurl.
+ /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
+ is already UTF-8 encoded. We check for this case and copy the raw
+ string manually to avoid the problem. */
+ if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+ j = ASN1_STRING_length(tmp);
+ if(j >= 0) {
+ peer_CN = (char*)OPENSSL_malloc(j + 1);
+ memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+ peer_CN[j] = '\0';
+ }
+ }
+ else /* not a UTF8 name */ {
+ j = ASN1_STRING_to_UTF8(reinterpret_cast<unsigned char**>(&peer_CN), tmp);
+ }
+
for (set<string>::const_iterator n=trustednames.begin(); n!=trustednames.end(); n++) {
#ifdef HAVE_STRCASECMP
if (n->length() == j && !strncasecmp(peer_CN, n->c_str(), j)) {
if (n->length() == j && !strnicmp(peer_CN, n->c_str(), j)) {
#endif
log.debug("matched subject CN to a key name (%s)", n->c_str());
- if(peer_CN)\r
- OPENSSL_free(peer_CN);\r
+ if(peer_CN)
+ OPENSSL_free(peer_CN);
return true;
}
}
- if(peer_CN)\r
- OPENSSL_free(peer_CN);\r
+ if(peer_CN)
+ OPENSSL_free(peer_CN);
}
else {
log.warn("no common name in certificate subject");
- }\r
+ }
}
else {
log.error("certificate has no subject?!");
projects / shibboleth / xmltooling.git / commitdiff