author | Kim Alvefur <zash@zash.se> | 2019-01-04 10:20:51 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2019-01-04 10:20:51 +0100 |
commit | 5ba20f8a9b1e93a99e38aedf9ec83a4f18f330f3 (patch) | |
tree | 0c1eb51f91c481f17d53697f15b37488ffd2de50 | |
parent | 170c49b52dec97673c1cb473038e0c538e239b2c (diff) | |
download | prosody-5ba20f8a9b1e93a99e38aedf9ec83a4f18f330f3.tar.gz prosody-5ba20f8a9b1e93a99e38aedf9ec83a4f18f330f3.zip |
util.x509: Add function that extracts usable names from a certificate
-rw-r--r-- | util/x509.lua | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/util/x509.lua b/util/x509.lua
index 15cc4d3c..1cdf07dc 100644
--- a/util/x509.lua
+++ b/util/x509.lua
@@ -20,6 +20,7 @@
 local nameprep = require "util.encodings".stringprep.nameprep;
 local idna_to_ascii = require "util.encodings".idna.to_ascii;
+local idna_to_unicode = require "util.encodings".idna.to_unicode;
 local base64 = require "util.encodings".base64;
 local log = require "util.logger".init("x509");
 local s_format = string.format;
@@ -216,6 +217,32 @@ local function verify_identity(host, service, cert)
 	return false
 end
+-- TODO Support other SANs
+local function get_identities(cert) --> set of names
+	if cert.setencode then
+		cert:setencode("utf8");
+	end
+
+	local names = {};
+
+	local ext = cert:extensions();
+	local sans = ext[oid_subjectaltname];
+	if sans and sans["dNSName"] then
+		for i = 1, #sans["dNSName"] do
+			names[ idna_to_unicode(sans["dNSName"][i]) ] = true;
+		end
+	end
+
+	local subject = cert:subject();
+	for i = 1, #subject do
+		local dn = subject[i];
+		if dn.oid == oid_commonname and nameprep(dn.value) then
+			names[dn.value] = true;
+		end
+	end
+	return names;
+end
+
 local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
 "([0-9A-Za-z+/=\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
@@ -237,6 +264,7 @@ end
 return {
 	verify_identity = verify_identity;
+	get_identities = get_identities;
 	pem2der = pem2der;
 	der2pem = der2pem;
 };
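Review bot: `names[ idna_to_unicode(sans["dNSName"][i]) ] = true` in get_identities indexes the set with the converter's return value unchecked; if `idna_to_unicode` returns nil for a malformed dNSName (whether it does depends on the util.encodings backend, libidn vs ICU, so worth confirming), Lua raises "table index is nil", and since the SAN list comes from a peer-supplied certificate a malformed name would abort the caller rather than just be skipped. Guard it with `local name = idna_to_unicode(sans["dNSName"][i]);` followed by `if name then names[name] = true; end`. Two smaller consistency points in the same function: the CN branch validates with `nameprep(dn.value)` but stores the raw `dn.value`, so differently-normalized CNs land under different keys (consider storing the nameprepped result instead), and CN-IDs are merged in even when dNSName SANs are present, whereas RFC 6125 §6.4.4 only consults the CN when no SAN is present — if that is intentional for this helper, a comment such as `-- NOTE: CN is included even when SANs exist; callers must apply RFC 6125 precedence themselves` would make it explicit. The `oid_subjectaltname`/`oid_commonname` constants and the body of verify_identity start outside this hunk.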