Commit 6384440b authored by Paul Bakker's avatar Paul Bakker
Browse files

Better support for the different Attribute Types from IETF PKIX (RFC 5280)

parent 1a1fbba1
......@@ -11,6 +11,7 @@ Changes
* POLARSSL_CONFIG_OPTIONS has been removed. All values are individually
checked and filled in the relevant module headers
* Debug module only outputs full lines instead of parts
* Better support for the different Attribute Types from IETF PKIX (RFC 5280)
Bugfix
* Only iterate over actual certificates in ssl_write_certificate_request()
......
......@@ -105,14 +105,23 @@
*/
#define OID_AT OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
#define OID_AT_CN OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
#define OID_AT_SUR_NAME OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
#define OID_AT_SERIAL_NUMBER OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
#define OID_AT_COUNTRY OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
#define OID_AT_LOCALITY OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
#define OID_AT_STATE OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
#define OID_AT_ORGANIZATION OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
#define OID_AT_ORG_UNIT OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
#define OID_AT_TITLE OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
#define OID_AT_POSTAL_ADDRESS OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
#define OID_AT_POSTAL_CODE OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
#define OID_AT_GIVEN_NAME OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
#define OID_AT_INITIALS OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
#define OID_AT_GENERATION_QUALIFIER OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
#define OID_AT_DN_QUALIFIER OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
#define OID_AT_PSEUDONYM OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
#define OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
/*
* OIDs for standard certificate extensions
......
......@@ -195,6 +195,38 @@ static const oid_x520_attr_t oid_x520_attr_type[] =
{ ADD_LEN( OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" },
"postalCode",
},
{
{ ADD_LEN( OID_AT_SUR_NAME ), "id-at-surName", "Surname" },
"SN",
},
{
{ ADD_LEN( OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" },
"GN",
},
{
{ ADD_LEN( OID_AT_INITIALS ), "id-at-initials", "Initials" },
"initials",
},
{
{ ADD_LEN( OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
"generationQualifier",
},
{
{ ADD_LEN( OID_AT_TITLE ), "id-at-title", "Title" },
"title",
},
{
{ ADD_LEN( OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" },
"dnQualifier",
},
{
{ ADD_LEN( OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" },
"pseudonym",
},
{
{ ADD_LEN( OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" },
"DC",
},
{
{ NULL, 0, NULL, NULL },
NULL,
......
......@@ -53,18 +53,30 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
{
if( c - s == 2 && strncasecmp( s, "CN", 2 ) == 0 )
oid = OID_AT_CN;
else if( c - s == 10 && strncasecmp( s, "commonName", 10 ) == 0 )
oid = OID_AT_CN;
else if( c - s == 1 && strncasecmp( s, "C", 1 ) == 0 )
oid = OID_AT_COUNTRY;
else if( c - s == 11 && strncasecmp( s, "countryName", 11 ) == 0 )
oid = OID_AT_COUNTRY;
else if( c - s == 1 && strncasecmp( s, "O", 1 ) == 0 )
oid = OID_AT_ORGANIZATION;
else if( c - s == 16 && strncasecmp( s, "organizationName", 16 ) == 0 )
oid = OID_AT_ORGANIZATION;
else if( c - s == 1 && strncasecmp( s, "L", 1 ) == 0 )
oid = OID_AT_LOCALITY;
else if( c - s == 8 && strncasecmp( s, "locality", 8 ) == 0 )
oid = OID_AT_LOCALITY;
else if( c - s == 1 && strncasecmp( s, "R", 1 ) == 0 )
oid = OID_PKCS9_EMAIL;
else if( c - s == 2 && strncasecmp( s, "OU", 2 ) == 0 )
oid = OID_AT_ORG_UNIT;
else if( c - s == 22 && strncasecmp( s, "organizationalUnitName", 22 ) == 0 )
oid = OID_AT_ORG_UNIT;
else if( c - s == 2 && strncasecmp( s, "ST", 2 ) == 0 )
oid = OID_AT_STATE;
else if( c - s == 19 && strncasecmp( s, "stateOrProvinceName", 19 ) == 0 )
oid = OID_AT_STATE;
else if( c - s == 12 && strncasecmp( s, "emailAddress", 12 ) == 0 )
oid = OID_PKCS9_EMAIL;
else if( c - s == 12 && strncasecmp( s, "serialNumber", 12 ) == 0 )
......@@ -73,6 +85,28 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
oid = OID_AT_POSTAL_ADDRESS;
else if( c - s == 10 && strncasecmp( s, "postalCode", 10 ) == 0 )
oid = OID_AT_POSTAL_CODE;
else if( c - s == 11 && strncasecmp( s, "dnQualifier", 11 ) == 0 )
oid = OID_AT_DN_QUALIFIER;
else if( c - s == 5 && strncasecmp( s, "title", 5 ) == 0 )
oid = OID_AT_TITLE;
else if( c - s == 7 && strncasecmp( s, "surName", 7 ) == 0 )
oid = OID_AT_SUR_NAME;
else if( c - s == 2 && strncasecmp( s, "SN", 2 ) == 0 )
oid = OID_AT_SUR_NAME;
else if( c - s == 9 && strncasecmp( s, "givenName", 9 ) == 0 )
oid = OID_AT_GIVEN_NAME;
else if( c - s == 2 && strncasecmp( s, "GN", 2 ) == 0 )
oid = OID_AT_GIVEN_NAME;
else if( c - s == 8 && strncasecmp( s, "initials", 8 ) == 0 )
oid = OID_AT_INITIALS;
else if( c - s == 9 && strncasecmp( s, "pseudonym", 9 ) == 0 )
oid = OID_AT_PSEUDONYM;
else if( c - s == 19 && strncasecmp( s, "generationQualifier", 19 ) == 0 )
oid = OID_AT_GENERATION_QUALIFIER;
else if( c - s == 15 && strncasecmp( s, "domainComponent", 15 ) == 0 )
oid = OID_DOMAIN_COMPONENT;
else if( c - s == 2 && strncasecmp( s, "DC", 2 ) == 0 )
oid = OID_DOMAIN_COMPONENT;
else
{
ret = POLARSSL_ERR_X509_UNKNOWN_OID;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment