diff options
| author | Michael Brown | 2012-05-08 11:36:09 +0200 |
|---|---|---|
| committer | Michael Brown | 2012-05-08 13:49:01 +0200 |
| commit | 0ad8b601dd190912b1338155b000d577205c4e02 (patch) | |
| tree | cdcbaa7520dd84b640aa0b576aab77c532791e96 /src/crypto | |
| parent | [list] Add list_last_entry() (diff) | |
| download | ipxe-0ad8b601dd190912b1338155b000d577205c4e02.tar.gz ipxe-0ad8b601dd190912b1338155b000d577205c4e02.tar.xz ipxe-0ad8b601dd190912b1338155b000d577205c4e02.zip | |
[crypto] Allow for X.509 certificates with no common name
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/cms.c | 3 | ||||
| -rw-r--r-- | src/crypto/x509.c | 6 |
2 files changed, 5 insertions, 4 deletions
diff --git a/src/crypto/cms.c b/src/crypto/cms.c index ee09dff3..660be69e 100644 --- a/src/crypto/cms.c +++ b/src/crypto/cms.c @@ -745,7 +745,8 @@ int cms_verify ( struct cms_signature *sig, userptr_t data, size_t len, /* Verify using all signerInfos */ list_for_each_entry ( info, &sig->info, list ) { cert = x509_first ( info->chain ); - if ( name && ( strcmp ( name, cert->subject.name ) != 0 ) ) + if ( name && ( ( cert->subject.name == NULL ) || + ( strcmp ( cert->subject.name, name ) != 0 ) ) ) continue; if ( ( rc = cms_verify_signer_info ( sig, info, data, len, time, root ) ) != 0 ) diff --git a/src/crypto/x509.c b/src/crypto/x509.c index be2e1009..3261b8eb 100644 --- a/src/crypto/x509.c +++ b/src/crypto/x509.c @@ -570,7 +570,7 @@ static int x509_parse_common_name ( struct x509_certificate *cert, char **name, return rc; } - /* Allocate name */ + /* Allocate and copy name */ *name = zalloc ( name_cursor.len + 1 /* NUL */ ); if ( ! *name ) return -ENOMEM; @@ -578,9 +578,9 @@ static int x509_parse_common_name ( struct x509_certificate *cert, char **name, return 0; } + /* Certificates may not have a commonName */ DBGC ( cert, "X509 %p no commonName found:\n", cert ); - DBGC_HDA ( cert, 0, raw->data, raw->len ); - return -ENOENT; + return 0; } /** |