1 files changed, 96 insertions, 0 deletions
diff --git a/src/openssl.c b/src/openssl.c
index 11d02a0..9c40e57 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -4328,6 +4328,7 @@ static const auxL_IntegerReg xe_textopts[] = {
        { "ERROR_UNKNOWN", X509V3_EXT_ERROR_UNKNOWN },
        { "PARSE_UNKNOWN", X509V3_EXT_PARSE_UNKNOWN },
        { "DUMP_UNKNOWN", X509V3_EXT_DUMP_UNKNOWN },
+        { NULL, 0 },
 };
 int luaopen__openssl_x509_extension(lua_State *L) {
@@ -5487,6 +5488,99 @@ static int xr_setPublicKey(lua_State *L) {
 } /* xr_setPublicKey() */
+static int xr_setExtensionByNid(lua_State *L, X509_REQ *csr, int target_nid, void* value) {
+        STACK_OF(X509_EXTENSION) *sk = NULL;
+        int has_attrs=0;
+        /*
+         * Replace existing if it's there. Extensions are stored in a CSR in
+         * an interesting way:
+         *
+         * They are stored as a list under either (most likely) the
+         * "official" NID_ext_req or under NID_ms_ext_req which means
+         * everything is stored under a list in a single "attribute" so we
+         * can't use X509_REQ_add1_attr or similar.
+         *
+         * Instead we have to get the extensions, find and replace the SAN
+         * if it's in there, then *replace* the extensions in the list of
+         * attributes. (If we just try to add it the old ones are found
+         * first and don't take priority.)
+         */
+        has_attrs = X509_REQ_get_attr_count(csr);
+        sk = X509_REQ_get_extensions(csr);
+        if (!X509V3_add1_i2d(&sk, target_nid, value, 0, X509V3_ADD_REPLACE))
+                goto error;
+        if (X509_REQ_add_extensions(csr, sk) == 0)
+                goto error;
+        sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
+        sk = NULL;
+        /*
+         * Delete the old extensions attribute, so that the one we just
+         * added takes priority.
+         */
+        if (has_attrs) {
+                X509_ATTRIBUTE *attr = NULL;
+                int idx, *pnid;
+                for (pnid = X509_REQ_get_extension_nids(); *pnid != NID_undef; pnid++) {
+                        idx = X509_REQ_get_attr_by_NID(csr, *pnid, -1);
+                        if (idx == -1)
+                                continue;
+                        if (!(attr = X509_REQ_delete_attr(csr, idx)))
+                                goto error;
+                        X509_ATTRIBUTE_free(attr);
+                        break;
+                }
+                if (!attr)
+                        goto error;
+        }
+        /*
+         * We have to mark the encoded form as invalid, otherwise when we
+         * write it out again it will use the loaded version.
+         */
+        csr->req_info->enc.modified = 1;
+        lua_pushboolean(L, 1);
+        return 1;
+error:
+        if (sk)
+                sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
+        return auxL_error(L, auxL_EOPENSSL, "x509.csr.setExtensionByNid");
+} /* xr_setExtensionByNid() */
+static int xr_setSubjectAlt(lua_State *L) {
+        X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
+        GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS);
+        return xr_setExtensionByNid(L, csr, NID_subject_alt_name, gens);
+} /* xr_setSubjectAlt */
+static int xr_getSubjectAlt(lua_State *L) {
+        X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
+        STACK_OF(X509_EXTENSION) *exts;
+        GENERAL_NAMES *gens;
+        exts = X509_REQ_get_extensions(csr);
+        gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+        if (!gens) goto error;
+        gn_dup(L, gens);
+        return 1;
+error:
+        return 0;
+} /* xr_getSubjectAlt() */
 static int xr_sign(lua_State *L) {
        X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
        EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -5544,6 +5638,8 @@ static const auxL_Reg xr_methods[] = {
        { "setSubject",   &xr_setSubject },
        { "getPublicKey", &xr_getPublicKey },
        { "setPublicKey", &xr_setPublicKey },
+        { "getSubjectAlt", &xr_getSubjectAlt },
+        { "setSubjectAlt", &xr_setSubjectAlt },
        { "sign",         &xr_sign },
        { "tostring",     &xr__tostring },
        { NULL,           NULL },

diff --git a/src/openssl.c b/src/openssl.c index 11d02a0..9c40e57 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -4328,6 +4328,7 @@ static const auxL_IntegerReg xe_textopts[] = {
4328	{ "ERROR_UNKNOWN", X509V3_EXT_ERROR_UNKNOWN },	4328	{ "ERROR_UNKNOWN", X509V3_EXT_ERROR_UNKNOWN },
4329	{ "PARSE_UNKNOWN", X509V3_EXT_PARSE_UNKNOWN },	4329	{ "PARSE_UNKNOWN", X509V3_EXT_PARSE_UNKNOWN },
4330	{ "DUMP_UNKNOWN", X509V3_EXT_DUMP_UNKNOWN },	4330	{ "DUMP_UNKNOWN", X509V3_EXT_DUMP_UNKNOWN },
		4331	{ NULL, 0 },
4331	};	4332	};
4332		4333
4333	int luaopen__openssl_x509_extension(lua_State *L) {	4334	int luaopen__openssl_x509_extension(lua_State *L) {
@@ -5487,6 +5488,99 @@ static int xr_setPublicKey(lua_State *L) {
5487	} /* xr_setPublicKey() */	5488	} /* xr_setPublicKey() */
5488		5489
5489		5490
		5491	static int xr_setExtensionByNid(lua_State L, X509_REQ csr, int target_nid, void* value) {
		5492	STACK_OF(X509_EXTENSION) *sk = NULL;
		5493	int has_attrs=0;
		5494
		5495	/*
		5496	* Replace existing if it's there. Extensions are stored in a CSR in
		5497	* an interesting way:
		5498	*
		5499	* They are stored as a list under either (most likely) the
		5500	* "official" NID_ext_req or under NID_ms_ext_req which means
		5501	* everything is stored under a list in a single "attribute" so we
		5502	* can't use X509_REQ_add1_attr or similar.
		5503	*
		5504	* Instead we have to get the extensions, find and replace the SAN
		5505	* if it's in there, then replace the extensions in the list of
		5506	* attributes. (If we just try to add it the old ones are found
		5507	* first and don't take priority.)
		5508	*/
		5509	has_attrs = X509_REQ_get_attr_count(csr);
		5510
		5511	sk = X509_REQ_get_extensions(csr);
		5512	if (!X509V3_add1_i2d(&sk, target_nid, value, 0, X509V3_ADD_REPLACE))
		5513	goto error;
		5514	if (X509_REQ_add_extensions(csr, sk) == 0)
		5515	goto error;
		5516	sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
		5517	sk = NULL;
		5518
		5519	/*
		5520	* Delete the old extensions attribute, so that the one we just
		5521	* added takes priority.
		5522	*/
		5523	if (has_attrs) {
		5524	X509_ATTRIBUTE *attr = NULL;
		5525	int idx, *pnid;
		5526
		5527	for (pnid = X509_REQ_get_extension_nids(); *pnid != NID_undef; pnid++) {
		5528	idx = X509_REQ_get_attr_by_NID(csr, *pnid, -1);
		5529	if (idx == -1)
		5530	continue;
		5531	if (!(attr = X509_REQ_delete_attr(csr, idx)))
		5532	goto error;
		5533	X509_ATTRIBUTE_free(attr);
		5534	break;
		5535	}
		5536	if (!attr)
		5537	goto error;
		5538	}
		5539
		5540	/*
		5541	* We have to mark the encoded form as invalid, otherwise when we
		5542	* write it out again it will use the loaded version.
		5543	*/
		5544	csr->req_info->enc.modified = 1;
		5545
		5546	lua_pushboolean(L, 1);
		5547
		5548	return 1;
		5549	error:
		5550	if (sk)
		5551	sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
		5552
		5553	return auxL_error(L, auxL_EOPENSSL, "x509.csr.setExtensionByNid");
		5554	} /* xr_setExtensionByNid() */
		5555
		5556
		5557	static int xr_setSubjectAlt(lua_State *L) {
		5558	X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
		5559	GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS);
		5560
		5561	return xr_setExtensionByNid(L, csr, NID_subject_alt_name, gens);
		5562	} /* xr_setSubjectAlt */
		5563
		5564
		5565	static int xr_getSubjectAlt(lua_State *L) {
		5566	X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
		5567	STACK_OF(X509_EXTENSION) *exts;
		5568	GENERAL_NAMES *gens;
		5569
		5570	exts = X509_REQ_get_extensions(csr);
		5571	gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
		5572	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
		5573	if (!gens) goto error;
		5574
		5575	gn_dup(L, gens);
		5576
		5577	return 1;
		5578	error:
		5579	return 0;
		5580	} /* xr_getSubjectAlt() */
		5581
		5582
		5583
5490	static int xr_sign(lua_State *L) {	5584	static int xr_sign(lua_State *L) {
5491	X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);	5585	X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
5492	EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);	5586	EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -5544,6 +5638,8 @@ static const auxL_Reg xr_methods[] = {
5544	{ "setSubject", &xr_setSubject },	5638	{ "setSubject", &xr_setSubject },
5545	{ "getPublicKey", &xr_getPublicKey },	5639	{ "getPublicKey", &xr_getPublicKey },
5546	{ "setPublicKey", &xr_setPublicKey },	5640	{ "setPublicKey", &xr_setPublicKey },
		5641	{ "getSubjectAlt", &xr_getSubjectAlt },
		5642	{ "setSubjectAlt", &xr_setSubjectAlt },
5547	{ "sign", &xr_sign },	5643	{ "sign", &xr_sign },
5548	{ "tostring", &xr__tostring },	5644	{ "tostring", &xr__tostring },
5549	{ NULL, NULL },	5645	{ NULL, NULL },