From f10726c8bb4e09bf53d0c40b90c1a2cb434672d4 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Mon, 31 Mar 2014 01:11:06 +0100
Subject: [crypto] Add support for subjectAltName and wildcard certificates
Originally-implemented-by: Alex Chernyakhovsky
Signed-off-by: Michael Brown
---
 src/include/ipxe/asn1.h | 5 +++++
 src/include/ipxe/x509.h | 14 ++++++++++++++
 2 files changed, 19 insertions(+)
(limited to 'src/include/ipxe')
diff --git a/src/include/ipxe/asn1.h b/src/include/ipxe/asn1.h
index 3e73b59c7..d12524ddb 100644
--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -222,6 +222,11 @@ struct asn1_builder_header {
 ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )

+/** ASN.1 OID for id-ce-subjectAltName (2.5.29.17) */
+#define ASN1_OID_SUBJECTALTNAME \
+ ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
+ ASN1_OID_SINGLE ( 17 )
+
 /** Define an ASN.1 cursor containing an OID */
 #define ASN1_OID_CURSOR( oid_value ) { \
 .data = oid_value, \
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index c92547237..055a4460e 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -136,6 +136,18 @@ struct x509_authority_info_access {
 struct x509_ocsp_responder ocsp;
 };

+/** X.509 certificate subject alternative name */
+struct x509_subject_alt_name {
+ /** Names */
+ struct asn1_cursor names;
+};
+
+/** X.509 certificate general name types */
+enum x509_general_name_types {
+ X509_GENERAL_NAME_DNS = ASN1_IMPLICIT_TAG ( 2 ),
+ X509_GENERAL_NAME_URI = ASN1_IMPLICIT_TAG ( 6 ),
+};
+
 /** An X.509 certificate extensions set */
 struct x509_extensions {
 /** Basic constraints */
@@ -146,6 +158,8 @@ struct x509_extensions {
 struct x509_extended_key_usage ext_usage;
 /** Authority information access */
 struct x509_authority_info_access auth_info;
+ /** Subject alternative name */
+ struct x509_subject_alt_name alt_name;
 };

 /** A link in an X.509 certificate chain */
--
cgit v1.2.3-55-g7522
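Review bot: `enum x509_general_name_types` in the first x509.h hunk names only dNSName [2] and uniformResourceIdentifier [6], and neither enumerator has a doc comment, so the header does not say which GeneralName choices the name check honours. Add per-member comments such as `/** dNSName [2] */` and `/** uniformResourceIdentifier [6] */`, plus a line on the enum stating that every other choice (iPAddress [7] included) is to be skipped by the consumer rather than compared as a host name string. The `/** Names */` comment on `names` in `struct x509_subject_alt_name` could say what the cursor covers, e.g. `/** Names (raw GeneralNames contents; empty if extension absent) */`; the "empty if absent" part is inferred from the cursor type, since the parser is outside this diff, and should be confirmed. The matching code is not in these hunks either, so whether a present subjectAltName suppresses the commonName fallback, and whether a wildcard is limited to the leftmost label, cannot be checked from this page.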