author | Michael Brown | 2014-03-31 02:11:06 +0200 |
---|---|---|
committer | Michael Brown | 2014-03-31 14:36:54 +0200 |
commit | f10726c8bb4e09bf53d0c40b90c1a2cb434672d4 (patch) | |
tree | c03009237acfb4fe00e334ffac244644543a0970 /src/include/ipxe | |
parent | [test] Add subject alternative names to X.509 server test certificate (diff) | |
[crypto] Add support for subjectAltName and wildcard certificates
Originally-implemented-by: Alex Chernyakhovsky <achernya@google.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe')
-rw-r--r-- | src/include/ipxe/asn1.h | 5 | ||||
-rw-r--r-- | src/include/ipxe/x509.h | 14 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/include/ipxe/asn1.h b/src/include/ipxe/asn1.h
index 3e73b59c..d12524dd 100644
--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -222,6 +222,11 @@ struct asn1_builder_header {
 ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )
 
+/** ASN.1 OID for id-ce-subjectAltName (2.5.29.17) */
+#define ASN1_OID_SUBJECTALTNAME \
+ ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
+ ASN1_OID_SINGLE ( 17 )
+
 /** Define an ASN.1 cursor containing an OID */
 #define ASN1_OID_CURSOR( oid_value ) { \
 .data = oid_value, \
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index c9254723..055a4460 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -136,6 +136,18 @@ struct x509_authority_info_access {
 struct x509_ocsp_responder ocsp;
 };
 
+/** X.509 certificate subject alternative name */
+struct x509_subject_alt_name {
+ /** Names */
+ struct asn1_cursor names;
+};
+
+/** X.509 certificate general name types */
+enum x509_general_name_types {
+ X509_GENERAL_NAME_DNS = ASN1_IMPLICIT_TAG ( 2 ),
+ X509_GENERAL_NAME_URI = ASN1_IMPLICIT_TAG ( 6 ),
+};
+
 /** An X.509 certificate extensions set */
 struct x509_extensions {
 /** Basic constraints */
@@ -146,6 +158,8 @@ struct x509_extensions {
 struct x509_extended_key_usage ext_usage;
 /** Authority information access */
 struct x509_authority_info_access auth_info;
+ /** Subject alternative name */
+ struct x509_subject_alt_name alt_name;
 };
 
 /** A link in an X.509 certificate chain */ |
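Review bot: In `enum x509_general_name_types` (the `@@ -136,6 +136,18 @@` hunk of x509.h) only the dNSName `[2]` and URI `[6]` choices get a constant and neither member is documented, so the header does not say which GeneralName forms the name check honours and which it skips. RFC 5280 also defines iPAddress as `[7]`; the matching code is not on this page, but if it ignores every other tag, a certificate that identifies its server only by IP address would not match, and that limit is worth stating next to the enum. I would add member comments such as `/** dNSName */` and `/** uniformResourceIdentifier */`. I would also expand `/** Names */` on `names` to say what the cursor spans and that it is empty when the extension is absent, if that is what the parser does.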