author | Michael Brown | 2014-03-28 19:42:41 +0100 |
---|---|---|
committer | Michael Brown | 2014-03-28 19:42:41 +0100 |
commit | d90490578d3fe7eca080bb951bebd65bd76bc053 (patch) | |
tree | d64af301edb30827f35951c25b5216941767bef6 /src | |
parent | [crypto] Generalise X.509 cache to a full certificate store (diff) | |
[crypto] Use fingerprint when no common name is available for debug messages
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/crypto/x509.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 38acb2ac..fa361474 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -24,6 +24,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <errno.h>
 #include <assert.h>
 #include <ipxe/list.h>
+#include <ipxe/base16.h>
 #include <ipxe/asn1.h>
 #include <ipxe/crypto.h>
 #include <ipxe/md5.h>
@@ -120,14 +121,23 @@ FILE_LICENCE ( GPL2_OR_LATER );
 */
 const char * x509_name ( struct x509_certificate *cert ) {
 struct asn1_cursor *common_name = &cert->subject.common_name;
+ struct digest_algorithm *digest = &sha1_algorithm;
 static char buf[64];
+ uint8_t fingerprint[ digest->digestsize ];
 size_t len;
 len = common_name->len;
- if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
- len = ( sizeof ( buf ) - 1 /* NUL */ );
- memcpy ( buf, common_name->data, len );
- buf[len] = '\0';
+ if ( len ) {
+ /* Certificate has a commonName: use that */
+ if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
+ len = ( sizeof ( buf ) - 1 /* NUL */ );
+ memcpy ( buf, common_name->data, len );
+ buf[len] = '\0';
+ } else {
+ /* Certificate has no commonName: use SHA-1 fingerprint */
+ x509_fingerprint ( cert, digest, fingerprint );
+ base16_encode ( fingerprint, sizeof ( fingerprint ), buf );
+ }
 return buf;
 }
|
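Review bot: In the new `else` branch of x509_name(), `base16_encode ( fingerprint, sizeof ( fingerprint ), buf )` is passed no output length, so nothing in the code ties the encoded size to `static char buf[64]`. With SHA-1 the result is 40 hex characters plus a terminator (assuming base16_encode NUL-terminates, which the hunk does not show) and fits. However, `digest` is a variable and `fingerprint` is sized from `digest->digestsize`, so pointing `digest` at a 32-byte algorithm later would write past the end of `buf` with no diagnostic. Since `<assert.h>` is already included, I would add `assert ( ( 2 * sizeof ( fingerprint ) ) < sizeof ( buf ) );` just before the call, with a comment such as `/* Hex fingerprint plus NUL must fit in buf */`.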