
[crypto] Use fingerprint when no common name is available for debug messages

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown 2014-03-28 18:42:41 +00:00
parent bc8ca6b8ce
commit d90490578d
1 changed files with 14 additions and 4 deletions


@ -24,6 +24,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <errno.h>
#include <assert.h>
#include <ipxe/list.h>
#include <ipxe/base16.h>
#include <ipxe/asn1.h>
#include <ipxe/crypto.h>
#include <ipxe/md5.h>
@ -120,14 +121,23 @@ FILE_LICENCE ( GPL2_OR_LATER );
*/
const char * x509_name ( struct x509_certificate *cert ) {
struct asn1_cursor *common_name = &cert->subject.common_name;
struct digest_algorithm *digest = &sha1_algorithm;
static char buf[64];
uint8_t fingerprint[ digest->digestsize ];
size_t len;
len = common_name->len;
if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
len = ( sizeof ( buf ) - 1 /* NUL */ );
memcpy ( buf, common_name->data, len );
buf[len] = '\0';
if ( len ) {
/* Certificate has a commonName: use that */
if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
len = ( sizeof ( buf ) - 1 /* NUL */ );
memcpy ( buf, common_name->data, len );
buf[len] = '\0';
} else {
/* Certificate has no commonName: use SHA-1 fingerprint */
x509_fingerprint ( cert, digest, fingerprint );
base16_encode ( fingerprint, sizeof ( fingerprint ), buf );
}
return buf;
}
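Review bot: In the no-commonName branch, `base16_encode ( fingerprint, sizeof ( fingerprint ), buf )` is given no destination size, so nothing ties the 64-byte static `buf` to the digest length. With SHA-1 the output is 40 hex characters (plus a terminator, if the encoder writes one), which fits, but changing `digest` to a 32-byte algorithm would need 65 bytes and overrun `buf` by one. I would pin the assumption next to the call with `assert ( ( 2 * sizeof ( fingerprint ) ) < sizeof ( buf ) );`, or size `buf` from the largest digest this function may use. Separately, the returned pointer refers to a static buffer that the next call overwrites, which matters for any debug message that prints two certificate names at once; the function's doc comment starts outside the hunk, so this may already be stated there.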