summaryrefslogtreecommitdiffstats
path: root/src/crypto
diff options
context:
space:
mode:
authorMichael Brown2012-05-08 11:36:09 +0200
committerMichael Brown2012-05-08 13:49:01 +0200
commit0ad8b601dd190912b1338155b000d577205c4e02 (patch)
treecdcbaa7520dd84b640aa0b576aab77c532791e96 /src/crypto
parent[list] Add list_last_entry() (diff)
downloadipxe-0ad8b601dd190912b1338155b000d577205c4e02.tar.gz
ipxe-0ad8b601dd190912b1338155b000d577205c4e02.tar.xz
ipxe-0ad8b601dd190912b1338155b000d577205c4e02.zip
[crypto] Allow for X.509 certificates with no common name
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/cms.c3
-rw-r--r--src/crypto/x509.c6
2 files changed, 5 insertions, 4 deletions
diff --git a/src/crypto/cms.c b/src/crypto/cms.c
index ee09dff3..660be69e 100644
--- a/src/crypto/cms.c
+++ b/src/crypto/cms.c
@@ -745,7 +745,8 @@ int cms_verify ( struct cms_signature *sig, userptr_t data, size_t len,
/* Verify using all signerInfos */
list_for_each_entry ( info, &sig->info, list ) {
cert = x509_first ( info->chain );
- if ( name && ( strcmp ( name, cert->subject.name ) != 0 ) )
+ if ( name && ( ( cert->subject.name == NULL ) ||
+ ( strcmp ( cert->subject.name, name ) != 0 ) ) )
continue;
if ( ( rc = cms_verify_signer_info ( sig, info, data, len,
time, root ) ) != 0 )
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index be2e1009..3261b8eb 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -570,7 +570,7 @@ static int x509_parse_common_name ( struct x509_certificate *cert, char **name,
return rc;
}
- /* Allocate name */
+ /* Allocate and copy name */
*name = zalloc ( name_cursor.len + 1 /* NUL */ );
if ( ! *name )
return -ENOMEM;
@@ -578,9 +578,9 @@ static int x509_parse_common_name ( struct x509_certificate *cert, char **name,
return 0;
}
+ /* Certificates may not have a commonName */
DBGC ( cert, "X509 %p no commonName found:\n", cert );
- DBGC_HDA ( cert, 0, raw->data, raw->len );
- return -ENOENT;
+ return 0;
}
/**