diff options
| author | tb <> | 2025-03-19 11:18:38 +0000 |
|---|---|---|
| committer | tb <> | 2025-03-19 11:18:38 +0000 |
| commit | f1b3284f138f03dbf42b525c7f8178124b99e11f (patch) | |
| tree | 61f2cd50a513e06ac6897cac320c6517f138d6fa | |
| parent | 9df2304757071f14fd82bc8e371f8e9b7c3c13f5 (diff) | |
| download | openbsd-f1b3284f138f03dbf42b525c7f8178124b99e11f.tar.gz openbsd-f1b3284f138f03dbf42b525c7f8178124b99e11f.tar.bz2 openbsd-f1b3284f138f03dbf42b525c7f8178124b99e11f.zip | |
Fix traditional SSLeay X509_NAME printing
The gibberish that was there before the rewrite didn't actually skip names
whose SN representation was different start with /O= or /OU= (with one or
two capital letters between '/' and '='), it simply failed to separate
them, resulting in nonsense such as
CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
So ditch the code doing that, simplifying this now internal function
quite a bit.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/asn1/a_strex.c | 30 |
1 files changed, 1 insertions, 29 deletions
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c index 5523c22cc4..52e1b7db5d 100644 --- a/src/lib/libcrypto/asn1/a_strex.c +++ b/src/lib/libcrypto/asn1/a_strex.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: a_strex.c,v 1.37 2025/03/09 15:17:22 tb Exp $ */ | 1 | /* $OpenBSD: a_strex.c,v 1.38 2025/03/19 11:18:38 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -565,31 +565,6 @@ do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent, | |||
| 565 | return outlen; | 565 | return outlen; |
| 566 | } | 566 | } |
| 567 | 567 | ||
| 568 | /* NID with SN of 1-2 letters, which X509_NAME_print() historically included. */ | ||
| 569 | static int | ||
| 570 | x509_name_entry_include(const X509_NAME_ENTRY *ne) | ||
| 571 | { | ||
| 572 | int nid; | ||
| 573 | |||
| 574 | if ((nid = OBJ_obj2nid(ne->object)) == NID_undef) | ||
| 575 | return 0; | ||
| 576 | |||
| 577 | switch (nid) { | ||
| 578 | case NID_commonName: | ||
| 579 | case NID_surname: | ||
| 580 | case NID_countryName: | ||
| 581 | case NID_localityName: | ||
| 582 | case NID_stateOrProvinceName: | ||
| 583 | case NID_organizationName: | ||
| 584 | case NID_organizationalUnitName: | ||
| 585 | case NID_givenName: | ||
| 586 | case NID_domainComponent: /* XXX - doesn't really belong here */ | ||
| 587 | return 1; | ||
| 588 | } | ||
| 589 | |||
| 590 | return 0; | ||
| 591 | } | ||
| 592 | |||
| 593 | static int | 568 | static int |
| 594 | X509_NAME_print(BIO *bio, const X509_NAME *name, int obase) | 569 | X509_NAME_print(BIO *bio, const X509_NAME *name, int obase) |
| 595 | { | 570 | { |
| @@ -607,9 +582,6 @@ X509_NAME_print(BIO *bio, const X509_NAME *name, int obase) | |||
| 607 | for (i = 0; i < sk_X509_NAME_ENTRY_num(name->entries); i++) { | 582 | for (i = 0; i < sk_X509_NAME_ENTRY_num(name->entries); i++) { |
| 608 | ne = sk_X509_NAME_ENTRY_value(name->entries, i); | 583 | ne = sk_X509_NAME_ENTRY_value(name->entries, i); |
| 609 | 584 | ||
| 610 | if (!x509_name_entry_include(ne)) | ||
| 611 | continue; | ||
| 612 | |||
| 613 | if (started) { | 585 | if (started) { |
| 614 | if (!CBB_add_u8(&cbb, ',')) | 586 | if (!CBB_add_u8(&cbb, ',')) |
| 615 | goto err; | 587 | goto err; |