From d33d7f3e37de64998501d054420ee060f584ff08 Mon Sep 17 00:00:00 2001
From: Brad Hards
Date: Tue, 10 Aug 2010 13:10:32 +1000
Subject: [PATCH 1/2] Add support for issuerUniqueID and subjectUniqueID
These fields are deprecated, but are used by Microsoft server certificates, apparently for a GUID.
---
 lib/includes/gnutls/x509.h | 6 ++++
 lib/x509/output.c | 60 ++++++++++++++++++++++++++++++++++++++++++++
 lib/x509/x509.c | 40 +++++++++++++++++++++++++++++
 3 files changed, 106 insertions(+), 0 deletions(-)
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 3f07ad4..b537f5f 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -152,6 +152,12 @@ extern "C"
 void *ret, size_t * ret_size,
 unsigned int *critical);
 
+ int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt,
+ gnutls_datum_t * uniqueId);
+
+ int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt,
+ gnutls_datum_t * uniqueId);
+
 #define GNUTLS_CRL_REASON_UNUSED 128
 #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
 #define GNUTLS_CRL_REASON_CA_COMPROMISE 32
diff --git a/lib/x509/output.c b/lib/x509/output.c
index e3000c0..9d5cb73 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
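Review bot: The parameter name `uniqueId` in both new prototypes breaks the snake_case used by the neighbouring declarations (`ret_size`, `critical`), and the same spelling recurs in the two definitions in lib/x509/x509.c, whose gtk-doc blocks refer to the parameter as `@unique_id`, so the documentation and the prototypes currently disagree. Renaming it to `unique_id` in the header and in both definitions keeps them consistent: `gnutls_datum_t * unique_id);`. The header also gives no hint that the datum is filled with memory the caller owns — lib/x509/output.c releases it with `_gnutls_free_datum` after each successful call — so a one-line comment above the prototypes, `/* On success the datum is allocated by the call and must be freed by the caller. */`, would make the ownership visible to API users.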
@@ -705,6 +705,64 @@ print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type,
 }
 
 static void
+guiddump (gnutls_buffer_st * str, const char *data, size_t len, const char *spc)
+{
+ size_t j;
+
+ if (spc)
+ adds (str, spc);
+ addf (str, "{");
+ addf (str, "%.2X", (unsigned char) data[3]);
+ addf (str, "%.2X", (unsigned char) data[2]);
+ addf (str, "%.2X", (unsigned char) data[1]);
+ addf (str, "%.2X", (unsigned char) data[0]);
+ addf (str, "-");
+ addf (str, "%.2X", (unsigned char) data[5]);
+ addf (str, "%.2X", (unsigned char) data[4]);
+ addf (str, "-");
+ addf (str, "%.2X", (unsigned char) data[7]);
+ addf (str, "%.2X", (unsigned char) data[6]);
+ addf (str, "-");
+ addf (str, "%.2X", (unsigned char) data[9]);
+ addf (str, "%.2X", (unsigned char) data[8]);
+ addf (str, "-");
+ for (j = 10; j != 15; j++)
+ {
+ addf (str, "%.2X", (unsigned char) data[j]);
+ }
+ addf (str, "}\n");
+}
+
+static void
+print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
+{
+ int result;
+ gnutls_datum_t datum = { NULL, 0 };
+
+ result = gnutls_x509_crt_get_issuer_unique_id (cert, &datum);
+ if (result >= 0)
+ {
+ addf (str, ("\t\tIssuer Unique ID:\n"));
+ hexdump (str, datum.data, datum.size, "\t\t\t");
+ if (datum.size == 16) { /* this could be a GUID */
+ guiddump (str, datum.data, datum.size, "\t\t\t");
+ }
+ _gnutls_free_datum(&datum);
+ }
+
+ result = gnutls_x509_crt_get_subject_unique_id (cert, &datum);
+ if (result >= 0)
+ {
+ addf (str, ("\t\tSubject Unique ID:\n"));
+ hexdump (str, datum.data, datum.size, "\t\t\t");
+ if (datum.size == 16) { /* this could be a GUID */
+ guiddump (str, datum.data, datum.size, "\t\t\t");
+ }
+ _gnutls_free_datum(&datum);
+ }
+}
+
+static void
 print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
 cert_type_t cert)
 {
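Review bot: `guiddump` never prints byte 15: the loop `for (j = 10; j != 15; j++)` stops after `data[14]`, so the last GUID group comes out as five bytes instead of six; the bound should be `for (j = 10; j < 16; j++)`. The `len` parameter is unused, so the fixed reads of `data[0]` through `data[15]` stay in bounds only because `print_unique_ids` checks `datum.size == 16` first; an early guard at the top of `guiddump`, `if (len < 16) return;`, makes the function safe on its own and documents the 16-byte precondition. In `print_unique_ids` every negative result is treated as "field absent", which is acceptable for a printer but also hides allocation or decoding failures; a one-line comment such as `/* any error, including "not present", just omits the section */` would keep a later reader from mistaking that for an oversight. The `if (datum.size == 16) {` lines also use K&R braces while the rest of the hunk uses the file's GNU layout (`if (result >= 0)` followed by `{` on its own line).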
@@ -1158,6 +1216,8 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
 }
 }
 
+ print_unique_ids(str, cert);
+
 /* Extensions. */
 if (gnutls_x509_crt_get_version (cert) >= 3)
 {
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index acca0d1..f74c2bb 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3193,3 +3193,43 @@ error:
 gnutls_x509_crt_deinit (certs[j]);
 return ret;
 }
+
+/**
+ * gnutls_x509_crt_get_subject_unique_id:
+ * @crt: Holds the certificate
+ * @unique_id: will hold the subjectUniqueID value
+ *
+ * This function will extract the subjectUniqueID value (if present) for
+ * the given certificate.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt,
+ gnutls_datum_t * uniqueId)
+{
+ int result;
+ result =
+ _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID", uniqueId, 2);
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_get_issuer_unique_id:
+ * @crt: Holds the certificate
+ * @unique_id: will hold the issuerUniqueID value
+ *
+ * This function will extract the issuerUniqueID value (if present) for
+ * the given certificate.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt,
+ gnutls_datum_t * uniqueId)
+{
+ int result;
+ result =
+ _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID", uniqueId, 2);
+ return result;
+}
-- 
1.7.2
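Review bot: The gtk-doc blocks on both new x509.c functions leave unstated the two things a caller of a public API needs: that on success the datum is allocated by the call and must be released by the caller (lib/x509/output.c does so with `_gnutls_free_datum`), and which error code distinguishes "field not present" from a real decoding failure, since the output.c caller treats every negative return as absence. Suggest extending the parameter line to `@unique_id: will hold the subjectUniqueID value; allocated by this call, the caller must free it` and having the `Returns:` line name the not-found code `_gnutls_x509_read_value` produces for a missing element, once confirmed against that helper. The trailing `2` passed to `_gnutls_x509_read_value` is an undocumented literal in both bodies; a short comment saying which value encoding it selects — presumably the BIT STRING form the uniqueID fields use, to be confirmed — would save the next reader a lookup. Both bodies could also drop the `result` temporary and `return _gnutls_x509_read_value (...)` directly, matching the terser style of the surrounding accessors.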