
Commit 5151a22

Merge pull request #8880 from holtrop/fix-printing-cert-with-empty-issuer-name
Fix printing empty names in certificates
2 parents 05ff129 + 3bd9b2e commit 5151a22

6 files changed

Lines changed: 48 additions & 2 deletions


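--- a/certs/empty-issuer-cert.pem
+++ b/certs/empty-issuer-cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnzCCAYegAwIBAgIQU1iTAJIjUtSgSXdIIsSjfzANBgkqhkiG9w0BAQsFADAA
+MCAXDTI1MDYxNjE1MzUzMVoYDzIxMjUwNTIzMTUzNTMxWjAAMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOqupjygE+kYGouC/fcDyPnOoimqKOL/dqdA
+vyRfTL93qgOpkpE6LgdbnUdOIqLgzo66uymwMvzZ3n5ZOfNpjk+ZZ6BA9fPlfnSb
+UEF944metFas1zX7WMrx7lVp/tviMzVcAN8tegY5upOrRK4CmpjnNrHyn4La/aO6
+Xjf/87T2ESt8gpwdfwSKJJp6wKxlplShyXwFERG+J3cyGOrHwqj7m/MHMkNleRra
+WVuGHNN1KIMkM1uu+5mddGoAeft9q72IU5dzHh8L4Bie3BeXmXbym9V5Ol1kunJL
++tQhTy/pkez2JmnbzSgCMsP1CvjudTdHBpGsQvKu4khs6+iL/wIDAQABoxMwETAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBhWgTR9Aldz76zdSIe
+PktR4h4HkTSzdrnY17S3vgRRpYtG3wvVNEFoNrq5qHAt+LuaG0zujU0CtRBZS40F
+8gtgs8tHRbi3erT2WzE0r60KUIEtDUr+MNI2eQqPMR0DQEdheiIW4cGV5brvsCsA
+iv8EnXtUq/JB2os40eFsYi6c9clMZxKwk2AmOYB8i4hvONxyfs0mSP+yJWRVXWoq
+iRcpynIyeaWhTW+Y4Fl4o81a+Ei23NLQkFH6jVAkk2bSkn6W3DwQXhtFu0aBO52E
+zRGGzKBMqwS82tNxHXjwZu0BunDCrpjoDR5RxKiCWWw5ckASQVRpz1Gg3nA8iOB7
+fnXW
+-----END CERTIFICATE-----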

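--- a/certs/include.am
+++ b/certs/include.am
@@ -30,6 +30,7 @@ EXTRA_DIST += \
 certs/ecc-keyPkcs8.der \
 certs/ecc-client-key.pem \
 certs/ecc-client-keyPub.pem \
+certs/empty-issuer-cert.pem \
 certs/client-ecc-cert.pem \
 certs/client-ca.pem \
 certs/dh2048.pem \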

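--- a/certs/test/gen-testcerts.sh
+++ b/certs/test/gen-testcerts.sh
@@ -228,3 +228,11 @@ generate_expired_certs expired/expired-cert ../server-key.pem
 
 
 generate_test_trusted_cert ossl-trusted-cert localhost "" 1
+
+# Note on certs/empty-issuer-cert.pem:
+# OpenSSL did not like to generate this certificate with an empty CN in the
+# conf file.
+# The following commands were used to generate this certificate file:
+# wolfssl genkey rsa -size 2048 -out mykey -outform pem -output KEY
+# wolfssl req -new -days 36500 -key mykey.priv -out empty-issuer-cert.pem -x509
+# (pressing enter for ean input without entering any input text)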

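--- a/src/x509.c
+++ b/src/x509.c
@@ -13874,7 +13874,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
 
 WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex");
 
-if ((name == NULL) || (name->sz == 0) || (bio == NULL))
+if ((name == NULL) || (bio == NULL))
 return WOLFSSL_FAILURE;
 
 XMEMSET(eqStr, 0, sizeof(eqStr));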
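Review bot: The guard at the changed line no longer rejects `name->sz == 0`, so everything after `XMEMSET(eqStr, 0, sizeof(eqStr));` now runs for an empty name, and that part of wolfSSL_X509_NAME_print_ex lies outside the hunk. Any length arithmetic or entry indexing there that assumed at least one entry should be rechecked for a zero-size name. The new contract is also undocumented; a comment above the guard such as `/* An empty name (sz == 0) is valid and prints as an empty string. */` would record it. Callers that treated WOLFSSL_FAILURE from this function as a sign of a missing subject or issuer will now get success with no output, which may matter where the printed name feeds a log or an access decision.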

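--- a/tests/api.c
+++ b/tests/api.c
@@ -22154,7 +22154,7 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
 ExpectIntEQ(X509_NAME_print_ex(NULL, NULL, 0, 0), WOLFSSL_FAILURE);
 ExpectIntEQ(X509_NAME_print_ex(membio, NULL, 0, 0), WOLFSSL_FAILURE);
 ExpectIntEQ(X509_NAME_print_ex(NULL, name, 0, 0), WOLFSSL_FAILURE);
-ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_FAILURE);
+ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_SUCCESS);
 ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
 wolfSSL_X509_NAME_free(empty);
 BIO_free(membio);
@@ -22178,6 +22178,24 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
 BIO_free(bio);
 name = NULL;
 
+/* Test with empty issuer cert empty-issuer-cert.pem.
+* See notes in certs/test/gen-testcerts.sh for how it was generated. */
+ExpectNotNull(bio = BIO_new(BIO_s_file()));
+ExpectIntGT(BIO_read_filename(bio, noIssuerCertFile), 0);
+ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL));
+ExpectNotNull(name = X509_get_subject_name(x509));
+
+ExpectNotNull(membio = BIO_new(BIO_s_mem()));
+ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
+/* Should be empty string "" */
+ExpectIntEQ((memSz = BIO_get_mem_data(membio, &mem)), 0);
+
+BIO_free(membio);
+membio = NULL;
+X509_free(x509);
+BIO_free(bio);
+name = NULL;
+
 /* Test normal case without escaped characters */
 {
 /* Create name: "/C=US/CN=wolfssl.com" */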
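Review bot: The block added in the second hunk is described as the empty-issuer test, but it only prints `X509_get_subject_name(x509)`; the issuer name of empty-issuer-cert.pem is never passed to X509_NAME_print_ex. Adding `ExpectNotNull(name = X509_get_issuer_name(x509));` followed by `ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);` before the size check would cover the case the commit title names. The block also leaves `x509` and `bio` holding freed pointers while `membio` and `name` are reset; `x509 = NULL;` after `X509_free(x509);` would keep any later `PEM_read_bio_X509(bio, &x509, ...)` outside the hunk from receiving a stale pointer. The enclosing test function starts and ends outside the hunk.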

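--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -527,6 +527,7 @@ err_sys_with_errno(const char* msg)
 #define cliEd448CertFile "certs/ed448/client-ed448.pem"
 #define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem"
 #define caEd448CertFile "certs/ed448/ca-ed448.pem"
+#define noIssuerCertFile "certs/empty-issuer-cert.pem"
 #define caCertFolder "certs/"
 #ifdef HAVE_WNR
 /* Whitewood netRandom default config file */
@@ -590,6 +591,7 @@ err_sys_with_errno(const char* msg)
 #define cliEd448CertFile "./certs/ed448/client-ed448.pem"
 #define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem"
 #define caEd448CertFile "./certs/ed448/ca-ed448.pem"
+#define noIssuerCertFile "./certs/empty-issuer-cert.pem"
 #define caCertFolder "./certs/"
 #ifdef HAVE_WNR
 /* Whitewood netRandom default config file */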
