From d90490578d3fe7eca080bb951bebd65bd76bc053 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Fri, 28 Mar 2014 18:42:41 +0000
Subject: [crypto] Use fingerprint when no common name is available for debug
 messages

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/crypto/x509.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

(limited to 'src/crypto')

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 38acb2ac..fa361474 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -24,6 +24,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <errno.h>
 #include <assert.h>
 #include <ipxe/list.h>
+#include <ipxe/base16.h>
 #include <ipxe/asn1.h>
 #include <ipxe/crypto.h>
 #include <ipxe/md5.h>
@@ -120,14 +121,23 @@ FILE_LICENCE ( GPL2_OR_LATER );
  */
 const char * x509_name ( struct x509_certificate *cert ) {
 	struct asn1_cursor *common_name = &cert->subject.common_name;
+	struct digest_algorithm *digest = &sha1_algorithm;
 	static char buf[64];
+	uint8_t fingerprint[ digest->digestsize ];
 	size_t len;
 
 	len = common_name->len;
-	if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
-		len = ( sizeof ( buf ) - 1 /* NUL */ );
-	memcpy ( buf, common_name->data, len );
-	buf[len] = '\0';
+	if ( len ) {
+		/* Certificate has a commonName: use that */
+		if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
+			len = ( sizeof ( buf ) - 1 /* NUL */ );
+		memcpy ( buf, common_name->data, len );
+		buf[len] = '\0';
+	} else {
+		/* Certificate has no commonName: use SHA-1 fingerprint */
+		x509_fingerprint ( cert, digest, fingerprint );
+		base16_encode ( fingerprint, sizeof ( fingerprint ), buf );
+	}
 	return buf;
 }
 
-- 
cgit v1.2.3-55-g7522