authorMichael Brown2012-03-18 18:25:55 +0100
committerMichael Brown2012-03-19 01:22:22 +0100
commit4d3b5473f850f9c0ba7107cff397cfca4972d679 (patch)
treedd39e919a8283c728919c2a2edb4910ce43c8e3b /src/net/tls.c
parent[rsa] Actually check the unused-bits byte in the public key bit string (diff)
[tls] Add full X.509 certificate parsing
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/net/tls.c')
-rw-r--r--src/net/tls.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/src/net/tls.c b/src/net/tls.c
index 7ec5745f..5e2bbdc4 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1026,8 +1026,10 @@ static int tls_new_certificate ( struct tls_session *tls,
const void *end = ( certificate->certificates + elements_len );
struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
- struct asn1_cursor cursor;
- struct x509_rsa_public_key key;
+ struct x509_certificate cert;
+ struct x509_public_key *key = &cert.subject.public_key;
+ const void *cert_data;
+ size_t cert_len;
int rc;
/* Sanity check */
@@ -1040,9 +1042,9 @@ static int tls_new_certificate ( struct tls_session *tls,
/* Traverse certificate chain */
do {
- cursor.data = element->certificate;
- cursor.len = tls_uint24 ( element->length );
- if ( ( cursor.data + cursor.len ) > end ) {
+ cert_data = element->certificate;
+ cert_len = tls_uint24 ( element->length );
+ if ( ( cert_data + cert_len ) > end ) {
DBGC ( tls, "TLS %p received corrupt Server "
"Certificate\n", tls );
DBGC_HD ( tls, data, len );
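Review bot: The bounds check on the added line `if ( ( cert_data + cert_len ) > end ) {` forms a pointer past the end of the received buffer before comparing it, which is undefined behaviour whenever the 24-bit length field claims more data than remains; comparing lengths instead, `if ( cert_len > ( size_t ) ( end - cert_data ) ) {`, rejects the same inputs without leaving the buffer. This check also assumes the three-byte `element->length` header itself lies before `end`, which the earlier sanity check presumably establishes but is not visible in this hunk. tls_new_certificate's body starts before this hunk and continues after it.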
@@ -1050,23 +1052,23 @@ static int tls_new_certificate ( struct tls_session *tls,
}
// HACK
- if ( ( rc = x509_rsa_public_key ( &cursor, &key ) ) != 0 ) {
- DBGC ( tls, "TLS %p cannot parse public key: %s\n",
+
+ /* Parse certificate */
+ if ( ( rc = x509_parse ( &cert, cert_data, cert_len ) ) != 0 ) {
+ DBGC ( tls, "TLS %p cannot parse certificate: %s\n",
tls, strerror ( rc ) );
return rc;
}
/* Initialise public key algorithm */
if ( ( rc = pubkey_init ( pubkey, cipherspec->pubkey_ctx,
- key.raw.data, key.raw.len ) ) != 0){
+ key->raw.data, key->raw.len ) ) != 0){
DBGC ( tls, "TLS %p cannot initialise public key: %s\n",
tls, strerror ( rc ) );
return rc;
}
return 0;
-
- element = ( cursor.data + cursor.len );
} while ( element != end );
return -EINVAL;
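Review bot: The loop body still returns unconditionally at `return 0;` after the first element, and the commit deletes the `element = ( cursor.data + cursor.len );` advance without re-adding it as `element = ( cert_data + cert_len );`, so the `do { ... } while ( element != end );` can never reach a second certificate and would spin on the first one if the early return were ever removed. The `// HACK` marker left above the new `x509_parse` call no longer says what is being worked around; as far as this hunk shows, the first certificate is parsed and its public key handed to `pubkey_init` without any validation of the certificate or its chain, and that gap should be stated rather than hidden behind a one-word comment. Suggested replacement for `// HACK`: `/* TODO: validate the certificate chain; only the first certificate is currently parsed and its public key used unverified */`, and restore the advance as `element = ( cert_data + cert_len );` so the loop structure is honest. tls_new_certificate's signature is outside this hunk.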