Better support for the different Attribute Types from IETF PKIX (RFC 5280)
diff --git a/ChangeLog b/ChangeLog
index ade9e15..5b1529c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,7 @@
* POLARSSL_CONFIG_OPTIONS has been removed. All values are individually
checked and filled in the relevant module headers
* Debug module only outputs full lines instead of parts
+ * Better support for the different Attribute Types from IETF PKIX (RFC 5280)
Bugfix
* Only iterate over actual certificates in ssl_write_certificate_request()
diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h
index ade4683..d825f4c 100644
--- a/include/polarssl/oid.h
+++ b/include/polarssl/oid.h
@@ -105,14 +105,23 @@
*/
#define OID_AT OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
#define OID_AT_CN OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define OID_AT_SUR_NAME OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
#define OID_AT_SERIAL_NUMBER OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
#define OID_AT_COUNTRY OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
#define OID_AT_LOCALITY OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
#define OID_AT_STATE OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
#define OID_AT_ORGANIZATION OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
#define OID_AT_ORG_UNIT OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define OID_AT_TITLE OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
#define OID_AT_POSTAL_ADDRESS OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
#define OID_AT_POSTAL_CODE OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define OID_AT_GIVEN_NAME OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define OID_AT_INITIALS OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define OID_AT_GENERATION_QUALIFIER OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define OID_AT_DN_QUALIFIER OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define OID_AT_PSEUDONYM OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+
+#define OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
/*
* OIDs for standard certificate extensions
diff --git a/library/oid.c b/library/oid.c
index a2b929b..2a61193 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -196,6 +196,38 @@
"postalCode",
},
{
+ { ADD_LEN( OID_AT_SUR_NAME ), "id-at-surName", "Surname" },
+ "SN",
+ },
+ {
+ { ADD_LEN( OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" },
+ "GN",
+ },
+ {
+ { ADD_LEN( OID_AT_INITIALS ), "id-at-initials", "Initials" },
+ "initials",
+ },
+ {
+ { ADD_LEN( OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
+ "generationQualifier",
+ },
+ {
+ { ADD_LEN( OID_AT_TITLE ), "id-at-title", "Title" },
+ "title",
+ },
+ {
+ { ADD_LEN( OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" },
+ "dnQualifier",
+ },
+ {
+ { ADD_LEN( OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" },
+ "pseudonym",
+ },
+ {
+ { ADD_LEN( OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" },
+ "DC",
+ },
+ {
{ NULL, 0, NULL, NULL },
NULL,
}
diff --git a/library/x509_create.c b/library/x509_create.c
index 7637e61..8e12c14 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -53,18 +53,30 @@
{
if( c - s == 2 && strncasecmp( s, "CN", 2 ) == 0 )
oid = OID_AT_CN;
+ else if( c - s == 10 && strncasecmp( s, "commonName", 10 ) == 0 )
+ oid = OID_AT_CN;
else if( c - s == 1 && strncasecmp( s, "C", 1 ) == 0 )
oid = OID_AT_COUNTRY;
+ else if( c - s == 11 && strncasecmp( s, "countryName", 11 ) == 0 )
+ oid = OID_AT_COUNTRY;
else if( c - s == 1 && strncasecmp( s, "O", 1 ) == 0 )
oid = OID_AT_ORGANIZATION;
+ else if( c - s == 16 && strncasecmp( s, "organizationName", 16 ) == 0 )
+ oid = OID_AT_ORGANIZATION;
else if( c - s == 1 && strncasecmp( s, "L", 1 ) == 0 )
oid = OID_AT_LOCALITY;
+ else if( c - s == 8 && strncasecmp( s, "locality", 8 ) == 0 )
+ oid = OID_AT_LOCALITY;
else if( c - s == 1 && strncasecmp( s, "R", 1 ) == 0 )
oid = OID_PKCS9_EMAIL;
else if( c - s == 2 && strncasecmp( s, "OU", 2 ) == 0 )
oid = OID_AT_ORG_UNIT;
+ else if( c - s == 22 && strncasecmp( s, "organizationalUnitName", 22 ) == 0 )
+ oid = OID_AT_ORG_UNIT;
else if( c - s == 2 && strncasecmp( s, "ST", 2 ) == 0 )
oid = OID_AT_STATE;
+ else if( c - s == 19 && strncasecmp( s, "stateOrProvinceName", 19 ) == 0 )
+ oid = OID_AT_STATE;
else if( c - s == 12 && strncasecmp( s, "emailAddress", 12 ) == 0 )
oid = OID_PKCS9_EMAIL;
else if( c - s == 12 && strncasecmp( s, "serialNumber", 12 ) == 0 )
@@ -73,6 +85,28 @@
oid = OID_AT_POSTAL_ADDRESS;
else if( c - s == 10 && strncasecmp( s, "postalCode", 10 ) == 0 )
oid = OID_AT_POSTAL_CODE;
+ else if( c - s == 11 && strncasecmp( s, "dnQualifier", 11 ) == 0 )
+ oid = OID_AT_DN_QUALIFIER;
+ else if( c - s == 5 && strncasecmp( s, "title", 5 ) == 0 )
+ oid = OID_AT_TITLE;
+ else if( c - s == 7 && strncasecmp( s, "surName", 7 ) == 0 )
+ oid = OID_AT_SUR_NAME;
+ else if( c - s == 2 && strncasecmp( s, "SN", 2 ) == 0 )
+ oid = OID_AT_SUR_NAME;
+ else if( c - s == 9 && strncasecmp( s, "givenName", 9 ) == 0 )
+ oid = OID_AT_GIVEN_NAME;
+ else if( c - s == 2 && strncasecmp( s, "GN", 2 ) == 0 )
+ oid = OID_AT_GIVEN_NAME;
+ else if( c - s == 8 && strncasecmp( s, "initials", 8 ) == 0 )
+ oid = OID_AT_INITIALS;
+ else if( c - s == 9 && strncasecmp( s, "pseudonym", 9 ) == 0 )
+ oid = OID_AT_PSEUDONYM;
+ else if( c - s == 19 && strncasecmp( s, "generationQualifier", 19 ) == 0 )
+ oid = OID_AT_GENERATION_QUALIFIER;
+ else if( c - s == 15 && strncasecmp( s, "domainComponent", 15 ) == 0 )
+ oid = OID_DOMAIN_COMPONENT;
+ else if( c - s == 2 && strncasecmp( s, "DC", 2 ) == 0 )
+ oid = OID_DOMAIN_COMPONENT;
else
{
ret = POLARSSL_ERR_X509_UNKNOWN_OID;