Browse Source

[crypto] Use fingerprint when no common name is available for debug messages

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 10 years ago
parent
commit
d90490578d
1 changed files with 14 additions and 4 deletions
  1. 14
    4
      src/crypto/x509.c

+ 14
- 4
src/crypto/x509.c View File

@@ -24,6 +24,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
24 24
 #include <errno.h>
25 25
 #include <assert.h>
26 26
 #include <ipxe/list.h>
27
+#include <ipxe/base16.h>
27 28
 #include <ipxe/asn1.h>
28 29
 #include <ipxe/crypto.h>
29 30
 #include <ipxe/md5.h>
@@ -120,14 +121,23 @@ FILE_LICENCE ( GPL2_OR_LATER );
120 121
  */
121 122
 const char * x509_name ( struct x509_certificate *cert ) {
122 123
 	struct asn1_cursor *common_name = &cert->subject.common_name;
124
+	struct digest_algorithm *digest = &sha1_algorithm;
123 125
 	static char buf[64];
126
+	uint8_t fingerprint[ digest->digestsize ];
124 127
 	size_t len;
125 128
 
126 129
 	len = common_name->len;
127
-	if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
128
-		len = ( sizeof ( buf ) - 1 /* NUL */ );
129
-	memcpy ( buf, common_name->data, len );
130
-	buf[len] = '\0';
130
+	if ( len ) {
131
+		/* Certificate has a commonName: use that */
132
+		if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
133
+			len = ( sizeof ( buf ) - 1 /* NUL */ );
134
+		memcpy ( buf, common_name->data, len );
135
+		buf[len] = '\0';
136
+	} else {
137
+		/* Certificate has no commonName: use SHA-1 fingerprint */
138
+		x509_fingerprint ( cert, digest, fingerprint );
139
+		base16_encode ( fingerprint, sizeof ( fingerprint ), buf );
140
+	}
131 141
 	return buf;
132 142
 }
133 143
 

Loading…
Cancel
Save