x509: rename a few variables and parameters
cn is not fully adequate as the name is not necessarily the Common Name.
Also, it's better to have an explicit indication in the name of the variable of
whether it holds the expected name or some name from the certificate.
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index fe821d1..27662e1 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -274,7 +274,7 @@
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
- * \param cn expected Common Name (can be set to
+ * \param exp_name expected Common Name (can be set to
* NULL if the CN must not be verified)
* \param flags result of the verification
* \param f_vrfy verification function
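Review bot: The description of `exp_name` still says "expected Common Name" and "if the CN must not be verified", which contradicts the commit's own reason for the rename (the name is not necessarily the Common Name). The same wording is kept in the `mbedtls_x509_crt_verify_with_profile` doc block in the third hunk of this header. Suggest `\param exp_name  expected name of the certificate (can be set to NULL if the name must not be verified)`. Because a NULL `exp_name` skips the name check entirely (see the `exp_name != NULL &&` test in library/x509_crt.c), the doc should also say that the caller must then verify the peer's identity some other way.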
@@ -290,7 +290,7 @@
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
- const char *cn, uint32_t *flags,
+ const char *exp_name, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
@@ -308,7 +308,7 @@
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
* \param profile security profile for verification
- * \param cn expected Common Name (can be set to
+ * \param exp_name expected Common Name (can be set to
* NULL if the CN must not be verified)
* \param flags result of the verification
* \param f_vrfy verification function
@@ -325,7 +325,7 @@
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
+ const char *exp_name, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 57945b0..d608513 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1798,28 +1798,28 @@
/*
* Return 0 if name matches wildcard, -1 otherwise
*/
-static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name )
+static int x509_check_wildcard( const char *exp_name, mbedtls_x509_buf *name )
{
size_t i;
- size_t cn_idx = 0, cn_len = strlen( cn );
+ size_t idx = 0, exp_len = strlen( exp_name );
if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
return( 0 );
- for( i = 0; i < cn_len; ++i )
+ for( i = 0; i < exp_len; ++i )
{
- if( cn[i] == '.' )
+ if( exp_name[i] == '.' )
{
- cn_idx = i;
+ idx = i;
break;
}
}
- if( cn_idx == 0 )
+ if( idx == 0 )
return( -1 );
- if( cn_len - cn_idx == name->len - 1 &&
- x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
+ if( exp_len - idx == name->len - 1 &&
+ x509_memcasecmp( name->p + 1, exp_name + idx, name->len - 1 ) == 0 )
{
return( 0 );
}
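Review bot: The early return for a non-wildcard `name` (`name->len < 3 || name->p[0] != '*' || name->p[1] != '.'`) yields 0, which the comment above the function defines as a match. The helper therefore fails open, and is only safe because both call sites in `x509_crt_verify_name` test for the `"*."` prefix before calling it. Changing that line to `return( -1 );` makes the helper safe on its own and consistent with its comment. As a minor naming point, `exp_idx` would keep the index parallel with `exp_len` and say which string it indexes. The end of the function is outside this hunk.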
@@ -2209,26 +2209,27 @@
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
- const char *cn, uint32_t *flags,
+ const char *exp_name, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
- &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
+ &mbedtls_x509_crt_profile_default,
+ exp_name, flags, f_vrfy, p_vrfy ) );
}
/*
* Verify that the certificate matches wit the expected name
*/
static int x509_crt_verify_name( mbedtls_x509_crt *crt,
- const char *cn )
+ const char *exp_name )
{
- size_t cn_len;
+ size_t exp_len;
mbedtls_x509_name *name;
mbedtls_x509_sequence *cur;
name = &crt->subject;
- cn_len = strlen( cn );
+ exp_len = strlen( exp_name );
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
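Review bot: The comment above `x509_crt_verify_name` has a typo ("matches wit") and does not state the contract its caller depends on. `strlen( exp_name )` is called unconditionally, so `exp_name` must be non-NULL, and the caller treats a non-zero return as a mismatch. Suggest `/* Verify that the certificate matches the expected name. exp_name must not be NULL. Returns 0 on match, non-zero otherwise. */`. The body of the function continues past this hunk.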
@@ -2236,15 +2237,15 @@
while( cur != NULL )
{
- if( cur->buf.len == cn_len &&
- x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 )
+ if( cur->buf.len == exp_len &&
+ x509_memcasecmp( exp_name, cur->buf.p, exp_len ) == 0 )
{
return( 0 );
}
if( cur->buf.len > 2 &&
memcmp( cur->buf.p, "*.", 2 ) == 0 &&
- x509_check_wildcard( cn, &cur->buf ) == 0 )
+ x509_check_wildcard( exp_name, &cur->buf ) == 0 )
{
return( 0 );
}
@@ -2258,15 +2259,15 @@
{
if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
{
- if( name->val.len == cn_len &&
- x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
+ if( name->val.len == exp_len &&
+ x509_memcasecmp( name->val.p, exp_name, exp_len ) == 0 )
{
return( 0 );
}
if( name->val.len > 2 &&
memcmp( name->val.p, "*.", 2 ) == 0 &&
- x509_check_wildcard( cn, &name->val ) == 0 )
+ x509_check_wildcard( exp_name, &name->val ) == 0 )
{
return( 0 );
}
@@ -2286,7 +2287,7 @@
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
+ const char *exp_name, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
@@ -2301,10 +2302,8 @@
*flags = 0;
/* Check the expected name */
- if( cn != NULL && x509_crt_verify_name( crt, cn ) != 0 )
- {
+ if( exp_name != NULL && x509_crt_verify_name( crt, exp_name ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
- }
/* Check the type and size of the key */
pk_type = mbedtls_pk_get_type( &crt->pk );
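Review bot: The braces around `*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;` are dropped here, which is the only non-rename change in the commit. On a statement that records a verification failure I would keep `{` and `}`, so that a line added later cannot silently fall outside the `exp_name != NULL && ...` condition. Keeping them also leaves this hunk a pure rename. The enclosing function starts and ends outside the hunk.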