
tls: use NID_userId instead of NID_x500UniqueIdentifier access (GH #1846)

- use NID_userId instead of NID_x500UniqueIdentifier to access the uid field
in x509 subjects in tls module
- pull request GH #1846 from Sebastian Denz, denzs at gonicus dot de

Henning Westerholt authored on 11/02/2019 20:26:10
Showing 1 changed files
... ...
@@ -68,7 +68,7 @@ enum {
68 68
 	COMP_URI,         /* URI from subject/alternative */
69 69
 	COMP_E,           /* Email address */
70 70
 	COMP_IP,          /* IP from subject/alternative */
71
-	COMP_UI,          /* Unique identifier */
71
+	COMP_UID,         /* UserID*/
72 72
 	TLSEXT_SN         /* Server name of the peer */
73 73
 };
74 74
 
... ...
@@ -97,7 +97,7 @@ enum {
97 97
 	PV_COMP_URI  = 1<<17,        /* URI from subject/alternative */
98 98
 	PV_COMP_E    = 1<<18,        /* Email address */
99 99
 	PV_COMP_IP   = 1<<19,        /* IP from subject/alternative */
100
-	PV_COMP_UI   = 1<<20,        /* Unique identifier */
100
+	PV_COMP_UID  = 1<<20,        /* UserID*/
101 101
 
102 102
 	PV_TLSEXT_SNI = 1<<21,       /* Peer's server name (TLS extension) */
103 103
 };
... ...
@@ -714,7 +714,7 @@ static int get_comp(str* res, int local, int issuer, int nid, sip_msg_t* msg)
714 714
 		case NID_countryName:            elem = "CountryName";             break;
715 715
 		case NID_stateOrProvinceName:    elem = "StateOrProvinceName";     break;
716 716
 		case NID_localityName:           elem = "LocalityName";            break;
717
-		case NID_x500UniqueIdentifier:   elem = "UniqueIdentifier";        break;
717
+		case NID_userId:                 elem = "UserID";                  break;
718 718
 		default:                         elem = "Unknown";                 break;
719 719
 		}
720 720
 		DBG("Element %s not found in certificate subject/issuer\n", elem);
... ...
@@ -762,7 +762,7 @@ static int sel_comp(str* res, select_t* s, sip_msg_t* msg)
762 762
 		case COMP_C:       nid = NID_countryName;            break;
763 763
 		case COMP_ST:      nid = NID_stateOrProvinceName;    break;
764 764
 		case COMP_L:       nid = NID_localityName;           break;
765
-		case COMP_UI:      nid = NID_x500UniqueIdentifier;   break;
765
+		case COMP_UID:     nid = NID_userId;                 break;
766 766
 		default:
767 767
 			BUG("Bug in sel_comp: %d\n", s->params[s->n - 1].v.i);
768 768
 			return -1;
... ...
@@ -804,14 +804,14 @@ static int pv_comp(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
804 804
 	}
805 805
 
806 806
 	switch(ind_local) {
807
-		case PV_COMP_CN: nid = NID_commonName;             break;
808
-		case PV_COMP_O:  nid = NID_organizationName;       break;
809
-		case PV_COMP_OU: nid = NID_organizationalUnitName; break;
810
-		case PV_COMP_C:  nid = NID_countryName;            break;
811
-		case PV_COMP_ST: nid = NID_stateOrProvinceName;    break;
812
-		case PV_COMP_L:  nid = NID_localityName;           break;
813
-		case PV_COMP_UI: nid = NID_x500UniqueIdentifier;   break;
814
-		default:      nid = NID_undef;
807
+		case PV_COMP_CN:  nid = NID_commonName;             break;
808
+		case PV_COMP_O:   nid = NID_organizationName;       break;
809
+		case PV_COMP_OU:  nid = NID_organizationalUnitName; break;
810
+		case PV_COMP_C:   nid = NID_countryName;            break;
811
+		case PV_COMP_ST:  nid = NID_stateOrProvinceName;    break;
812
+		case PV_COMP_L:   nid = NID_localityName;           break;
813
+		case PV_COMP_UID: nid = NID_userId;                 break;
814
+		default:          nid = NID_undef;
815 815
 	}
816 816
 
817 817
 	if (get_comp(&res->rs, local, issuer, nid, msg) < 0) {
... ...
@@ -1137,9 +1137,9 @@ select_row_t tls_sel[] = {
1137 1137
 	{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("organizational_unit_name"), sel_comp, DIVERSION | COMP_OU},
1138 1138
 	{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("unit"),                     sel_comp, DIVERSION | COMP_OU},
1139 1139
 
1140
-	{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("uid"),               sel_comp, DIVERSION | COMP_UI},
1141
-	{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("uniqueIdentifier"),  sel_comp, DIVERSION | COMP_UI},
1142
-	{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("unique_identifier"), sel_comp, DIVERSION | COMP_UI},
1140
+	{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("uid"),               sel_comp, DIVERSION | COMP_UID},
1141
+	{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("uniqueIdentifier"),  sel_comp, DIVERSION | COMP_UID},
1142
+	{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("unique_identifier"), sel_comp, DIVERSION | COMP_UID},
1143 1143
 
1144 1144
 	{ NULL, SEL_PARAM_INT, STR_NULL, NULL, 0}
1145 1145
 };
... ...
@@ -1263,10 +1263,10 @@ pv_export_t tls_pv[] = {
1263 1263
 	/* unique identifier for peer and local */
1264 1264
 	{{"tls_peer_subject_uid", sizeof("tls_peer_subject_uid")-1},
1265 1265
 		PVT_OTHER, pv_comp, 0,
1266
-		0, 0, pv_init_iname, PV_CERT_PEER | PV_CERT_SUBJECT | PV_COMP_UI },
1266
+		0, 0, pv_init_iname, PV_CERT_PEER | PV_CERT_SUBJECT | PV_COMP_UID },
1267 1267
 	{{"tls_my_subject_uid", sizeof("tls_my_subject_uid")-1},
1268 1268
 		PVT_OTHER, pv_comp, 0,
1269
-		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_UI },
1269
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_UID },
1270 1270
 	/* subject alternative name parameters for peer and local */	
1271 1271
 	{{"tls_peer_san_email", sizeof("tls_peer_san_email")-1},
1272 1272
 		PVT_OTHER, pv_alt, 0,
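Review bot: The `tls_sel` aliases `uniqueIdentifier` and `unique_identifier` (hunk at -1137) and the comment `/* unique identifier for peer and local */` above `tls_peer_subject_uid` in `tls_pv` still name the X.500 uniqueIdentifier attribute, but they now resolve to `NID_userId`, which is a different subject attribute with its own OID. A configuration that uses these selects or `$tls_peer_subject_uid` to identify or authorize a peer will get a different value after upgrade, or presumably a lookup failure if the certificate carries only the old attribute, with nothing in the name to signal the change. Consider keeping a separate `COMP_UI` / `PV_COMP_UI` mapping to `NID_x500UniqueIdentifier` for the two long aliases, so that only `uid` moves to `COMP_UID`. Otherwise, document the behaviour change and update the comment to `/* userId (UID) for peer and local */`. The enums, switch bodies and tables touched here all continue outside the hunks shown, so other users of the old constants cannot be checked from this page.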