authorMichael Brown2014-03-28 19:42:41 +0100
committerMichael Brown2014-03-28 19:42:41 +0100
commitd90490578d3fe7eca080bb951bebd65bd76bc053 (patch)
treed64af301edb30827f35951c25b5216941767bef6
parent[crypto] Generalise X.509 cache to a full certificate store (diff)
[crypto] Use fingerprint when no common name is available for debug messages
Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/crypto/x509.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 38acb2ac..fa361474 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -24,6 +24,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <errno.h>
#include <assert.h>
#include <ipxe/list.h>
+#include <ipxe/base16.h>
#include <ipxe/asn1.h>
#include <ipxe/crypto.h>
#include <ipxe/md5.h>
@@ -120,14 +121,23 @@ FILE_LICENCE ( GPL2_OR_LATER );
*/
const char * x509_name ( struct x509_certificate *cert ) {
struct asn1_cursor *common_name = &cert->subject.common_name;
+ struct digest_algorithm *digest = &sha1_algorithm;
static char buf[64];
+ uint8_t fingerprint[ digest->digestsize ];
size_t len;
len = common_name->len;
- if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
- len = ( sizeof ( buf ) - 1 /* NUL */ );
- memcpy ( buf, common_name->data, len );
- buf[len] = '\0';
+ if ( len ) {
+ /* Certificate has a commonName: use that */
+ if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
+ len = ( sizeof ( buf ) - 1 /* NUL */ );
+ memcpy ( buf, common_name->data, len );
+ buf[len] = '\0';
+ } else {
+ /* Certificate has no commonName: use SHA-1 fingerprint */
+ x509_fingerprint ( cert, digest, fingerprint );
+ base16_encode ( fingerprint, sizeof ( fingerprint ), buf );
+ }
return buf;
}
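Review bot: The fingerprint branch writes into the 64-byte static `buf` with nothing that ties the buffer size to the digest size, since `base16_encode ( fingerprint, sizeof ( fingerprint ), buf )` is given no destination length. With SHA-1 the 20-byte digest encodes to 40 hex characters, which fits with room for a terminator, but if `digest` were later pointed at a 32-byte hash the encoding alone would fill all 64 bytes and a terminator would land past the end of `buf`. I would pin the assumption right before the call with `assert ( ( 2 * sizeof ( fingerprint ) ) < sizeof ( buf ) );`, or size `buf` from the digest length. Separately, `fingerprint` is a variable-length array reserved on every call even when the commonName branch is taken; declaring it inside the `else` block would keep that stack use to the path that needs it.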