authorKim Alvefur <zash@zash.se>2019-01-04 10:20:51 +0100
committerKim Alvefur <zash@zash.se>2019-01-04 10:20:51 +0100
commit5ba20f8a9b1e93a99e38aedf9ec83a4f18f330f3 (patch)
tree0c1eb51f91c481f17d53697f15b37488ffd2de50 /util/x509.lua
parent170c49b52dec97673c1cb473038e0c538e239b2c (diff)
util.x509: Add function that extracts usable names from a certificate
Diffstat (limited to 'util/x509.lua')
-rw-r--r--util/x509.lua28
1 files changed, 28 insertions, 0 deletions
diff --git a/util/x509.lua b/util/x509.lua
index 15cc4d3c..1cdf07dc 100644
--- a/util/x509.lua
+++ b/util/x509.lua
@@ -20,6 +20,7 @@
local nameprep = require "util.encodings".stringprep.nameprep;
local idna_to_ascii = require "util.encodings".idna.to_ascii;
+local idna_to_unicode = require "util.encodings".idna.to_unicode;
local base64 = require "util.encodings".base64;
local log = require "util.logger".init("x509");
local s_format = string.format;
@@ -216,6 +217,32 @@ local function verify_identity(host, service, cert)
return false
end
+-- TODO Support other SANs
+local function get_identities(cert) --> set of names
+ if cert.setencode then
+ cert:setencode("utf8");
+ end
+
+ local names = {};
+
+ local ext = cert:extensions();
+ local sans = ext[oid_subjectaltname];
+ if sans and sans["dNSName"] then
+ for i = 1, #sans["dNSName"] do
+ names[ idna_to_unicode(sans["dNSName"][i]) ] = true;
+ end
+ end
+
+ local subject = cert:subject();
+ for i = 1, #subject do
+ local dn = subject[i];
+ if dn.oid == oid_commonname and nameprep(dn.value) then
+ names[dn.value] = true;
+ end
+ end
+ return names;
+end
+
local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
"([0-9A-Za-z+/=\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
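Review bot: The dNSName loop in get_identities indexes `names` directly with the result of `idna_to_unicode`, so if that call returns nil for a malformed or non-IDNA label (as the CN branch evidently expects `nameprep` to, since it guards on its result), the assignment `names[nil] = true` raises a "table index is nil" error instead of skipping the name — and the input here is an attacker-supplied certificate. I would hold the result first: `local name = idna_to_unicode(sans["dNSName"][i]);` followed by `if name then names[name] = true; end`. The two branches are also inconsistent about what they store: SANs are canonicalised through idna_to_unicode, whereas the CN branch only checks that `nameprep(dn.value)` succeeds and then stores the raw `dn.value`; storing the prepped value (`local cn = nameprep(dn.value); if cn then names[cn] = true; end`) would make the returned set uniformly normalised, which presumably matters for any caller comparing these names. It is worth a comment that `*.` wildcard entries are passed through idna_to_unicode unchanged (or rejected, depending on the backend), since the function header does not say how wildcards are treated.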
@@ -237,6 +264,7 @@ end
return {
verify_identity = verify_identity;
+ get_identities = get_identities;
pem2der = pem2der;
der2pem = der2pem;
};