From 9d12a770fcec9f07edd23716ad7b7aa336776f41 Mon Sep 17 00:00:00 2001
From: Joel Klinghed
Date: Thu, 30 Mar 2017 23:20:50 +0200
Subject: Add certificate support for subject alt name for mbedtls
---
 src/ssl_mbedtls.cc | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/src/ssl_mbedtls.cc b/src/ssl_mbedtls.cc
index 10de993..876b076 100644
--- a/src/ssl_mbedtls.cc
+++ b/src/ssl_mbedtls.cc
@@ -2,10 +2,13 @@
 #include "common.hh"
+#include
+#include
 #include
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -433,6 +436,35 @@ private:
 }
 };
+int mbedtls_x509write_crt_set_subject_alt_name( mbedtls_x509write_cert* ctx, const char* name) { unsigned char buf[256]; unsigned char *c = buf + sizeof(buf); int ret; size_t len = 0; size_t namelen; if (name == NULL) return MBEDTLS_ERR_X509_BAD_INPUT_DATA; namelen = strlen(name); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf, reinterpret_cast(name), namelen)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, namelen)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_SUBJECT_ALT_NAME, MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME), 1, c, len); }
 } // namespace
 // static
@@ -571,6 +603,11 @@ bool SSLCert::generate(Logger* logger, SSLEntropy* entropy,
 goto error;
 }
+ if (mbedtls_x509write_crt_set_subject_alt_name(&crt, host.c_str())) { logerr(logger, ret, "Unable to set subject alt name"); goto error; }
+
 if (mbedtls_mpi_fill_random( &serial, 32, mbedtls_ctr_drbg_random, static_cast(entropy)->random())) {
-- 
cgit v1.2.3-70-g09d2
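Review bot: The new helper encodes `name` unconditionally as a dNSName (`MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2`) without checking that it is a hostname: an empty string produces a zero-length dNSName, and an IP literal such as `127.0.0.1` lands in the wrong GeneralName type (it belongs in iPAddress `[7]` as raw octets), so a verifier matching the connection target against the SAN will not accept it. Tightening the guard to `if (name == NULL || *name == '\0') return MBEDTLS_ERR_X509_BAD_INPUT_DATA;` and annotating the tag line with `// [2] dNSName (IA5String): caller must pass a DNS hostname, not an IP literal` makes the contract explicit; IP support would need its own branch. The fourth argument of `mbedtls_x509write_crt_set_extension` is, as far as I recall, the critical flag, so `1, c, len);` marks the SAN critical, which RFC 5280 only requires when the subject DN is empty; if `generate()` sets a subject name this is probably meant to be `0, c, len);`. The fixed `unsigned char buf[256]` is safe against over-long names only because the `mbedtls_asn1_write_*` helpers fail with `MBEDTLS_ERR_ASN1_BUF_TOO_SMALL` instead of overrunning, and that roughly 250-byte limit deserves a comment since callers cannot see it. Naming a file-local function in the anonymous namespace with the library's `mbedtls_` prefix also reads as library API and will make unqualified calls ambiguous if a future mbedtls release ships a function with that exact name.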
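Review bot: The return code of `mbedtls_x509write_crt_set_subject_alt_name` is discarded in the new `if`, so `logerr(logger, ret, "Unable to set subject alt name")` reports whatever `ret` held from an earlier call unless it is assigned just before, which hides the actual failure (BAD_INPUT_DATA versus BUF_TOO_SMALL, for instance). The neighbouring `if (mbedtls_mpi_fill_random(` has the same shape, so this may be the file's convention, but capturing the code costs one line: `if ((ret = mbedtls_x509write_crt_set_subject_alt_name(&crt, host.c_str())) != 0) {`. Because `host` goes straight into a dNSName, a one-line comment at the call site, `// host must be a DNS name: an IP literal or empty string yields a SAN no verifier will match`, would save the next maintainer a debugging session. `SSLCert::generate` starts and ends outside the hunk.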