Print unparseable SubjectAlternativeNames
In x509_info_subject_alt_name() we silently dropped names that we
couldn't parse, either because the name type is unsupported or because the
encoding is malformed. (A malformed name might mean a damaged file, but can
also be a sign of incompatibility between applications.)
This commit adds code notifying the user that there is something, but
we can't parse it.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index cfd3b9d..54b4285 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1682,21 +1682,27 @@
{
mbedtls_x509_san_other_name other_name;
- ret = x509_get_other_name( &cur->buf, &other_name );
- if( ret != 0 )
- {
- /*
- * In case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned,
- * then the "otherName" is of an unsupported type. Ignore.
- */
- if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
- ret = 0;
- return( ret );
- }
+ int parse_ret = x509_get_other_name( &cur->buf, &other_name );
ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
+ if( parse_ret != 0 )
+ {
+ if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
+ {
+ ret = mbedtls_snprintf( p, n, " <unsupported>" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ }
+ else
+ {
+ ret = mbedtls_snprintf( p, n, " <malformed>" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ }
+
+ break;
+ }
+
if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
&other_name.value.hardware_module_name.oid ) != 0 )
{
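Review bot: The inner type check tests `ret` rather than `parse_ret`, and by that point `ret` holds the return value of the preceding mbedtls_snprintf (already consumed by MBEDTLS_X509_SAFE_SNPRINTF), so it can never equal MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE and every parse failure is printed as `<malformed>`; the condition should read `if( parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )`. The distinction is the whole point of the change: an otherName of an unsupported type is benign, while a malformed one may indicate a damaged or incompatible certificate, and the current code steers a reader toward the wrong conclusion for every unsupported type. It is also worth noting in a comment that a malformed otherName no longer propagates an error out of this function (the old `return( ret )` path is gone), e.g. `/* Parse failures are reported inline rather than returned: info output is best-effort */` above the `if( parse_ret != 0 )` block, since callers that previously relied on a non-zero return to detect a bad SAN will no longer get one. The enclosing x509_info_subject_alt_name() starts before and ends after this hunk.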
@@ -1732,7 +1738,6 @@
*/
case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ):
{
-
ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
if( cur->buf.len >= n )
@@ -1747,13 +1752,14 @@
break;
/*
- * Type not supported, skip item.
+ * Type not supported.
*/
default:
+ ret = mbedtls_snprintf( p, n, "\n%s <unsupported>", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
break;
}
-
cur = cur->next;
}