diff --git a/ssl.c b/ssl.c
index e413f00..cecd893 100644
--- a/ssl.c
+++ b/ssl.c
@@ -1148,7 +1148,7 @@ ssl_x509_names_to_str(X509 *crt, size_t limit)
 /*
 * Returns a NULL terminated array of pointers to all common names found
- * in the Subject DN CN and subjectAltNames extension.
+ * in the Subject DN CN and subjectAltNames extension (DNSName only).
 * Caller must free returned buffer and all pointers within.
 * Embedded NULL characters in hostnames are replaced with '!'.
 */
@@ -1199,9 +1199,9 @@ ssl_x509_names(X509 *crt)
 return NULL;
 }
 for (int j = 0; j < altnamesz; j++) {
- *p[j] = altname[j] ? altname[j] : '!';
+ (*p)[j] = altname[j] ? altname[j] : '!';
 }
- *p[altnamesz] = '\0';
+ (*p)[altnamesz] = '\0';
 OPENSSL_free((char*)altname);
 p++;
 }
diff --git a/ssl.t b/ssl.t
index bacf96c..8771f28 100644
--- a/ssl.t
+++ b/ssl.t
@@ -30,6 +30,20 @@
 #include "ssl.h"
+#define TESTCERT "extra/pki/server.crt"
+
+static void
+ssl_setup(void)
+{
+ ssl_init();
+}
+
+static void
+ssl_teardown(void)
+{
+ ssl_fini();
+}
+
 static char wildcard1[] = "*.example.org";
 static char wildcard2[] = "www.*.example.org";
 static char wildcard3[] = "*.*.org";
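Review bot: In the ssl_x509_names hunk of ssl.c, the copy loop and the terminator write `altnamesz + 1` bytes through `(*p)`, but neither the allocation size of `*p` nor a check that `altnamesz` is non-negative is visible here, so both should be confirmed alongside the precedence fix. The `return NULL;` context line suggests an allocation-failure path just above, though the size requested there cannot be seen from this hunk. Because `altname` is taken from a certificate's subjectAltNames extension and is therefore peer-controlled, a short comment on the assignment such as `/* (*p)[j]: index the name buffer, not the pointer array */` would help keep the parentheses from being dropped again. The function body starts and ends outside the hunk.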
@@ -385,6 +399,32 @@ START_TEST(ssl_tls_clienthello_parse_sni_07)
 END_TEST
 #endif /* !OPENSSL_NO_TLSEXT */
+START_TEST(ssl_x509_names_01)
+{
+ X509 *c;
+ char **names, **p;
+
+ c = ssl_x509_load(TESTCERT);
+ fail_unless(!!c, "loading certificate failed");
+ names = ssl_x509_names(c);
+ fail_unless(!!names, "parsing names failed");
+ fail_unless(!!names[0], "first name");
+ fail_unless(!strcmp(names[0], "daniel.roe.ch"), "first name");
+ fail_unless(!!names[1], "second name");
+ fail_unless(!strcmp(names[1], "daniel.roe.ch"), "second name");
+ fail_unless(!!names[2], "third name");
+ fail_unless(!strcmp(names[2], "www.roe.ch"), "third name");
+ fail_unless(!!names[3], "fourth name");
+ fail_unless(!strcmp(names[3], "*.roe.ch"), "fourth name");
+ fail_unless(!names[4], "too many names");
+ p = names;
+ while (*p)
+ free(*p++);
+ free(names);
+ X509_free(c);
+}
+END_TEST
+
 START_TEST(ssl_features_01)
 {
 int have_threads = 0;
@@ -440,6 +480,11 @@ ssl_suite(void)
 suite_add_tcase(s, tc);
 #endif /* !OPENSSL_NO_TLSEXT */
+ tc = tcase_create("ssl_x509_names");
+ tcase_add_checked_fixture(tc, ssl_setup, ssl_teardown);
+ tcase_add_test(tc, ssl_x509_names_01);
+ suite_add_tcase(s, tc);
+
 tc = tcase_create("ssl_features");
 tcase_add_test(tc, ssl_features_01);
 suite_add_tcase(s, tc);
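Review bot: ssl_x509_names_01 asserts only names that contain no embedded NUL, so the `'!'` substitution branch in the loop this commit repairs is never exercised by the new test. That branch is what stops a name from being silently truncated at a NUL when it is later compared as a C string, so it deserves its own case: a second fixture certificate whose subjectAltName DNSName carries an embedded NUL, with a `fail_unless(!strcmp(...))` on the expected `!`-substituted string. A comment above the test, for example `/* names[0] is the subject CN, names[1..3] are the DNSName subjectAltNames */`, would also explain why "daniel.roe.ch" is expected twice, assuming that is indeed the order ssl_x509_names returns.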