X509_VERIFY_PARAM_free(param);
}
-/**
- * Retrieves the common name for an X509 certificate.
- *
- * @param certificate The X509 certificate.
- * @returns The common name.
- */
-String GetCertificateCN(const boost::shared_ptr<X509>& certificate)
+static String GetX509NameCN(X509_NAME *name)
{
char errbuf[120];
char buffer[256];
- int rc = X509_NAME_get_text_by_NID(X509_get_subject_name(certificate.get()),
- NID_commonName, buffer, sizeof(buffer));
+ int rc = X509_NAME_get_text_by_NID(name, NID_commonName, buffer, sizeof(buffer));
if (rc == -1) {
Log(LogCritical, "SSL")
return buffer;
}
+/**
+ * Retrieves the common name for an X509 certificate.
+ *
+ * @param certificate The X509 certificate.
+ * @returns The common name.
+ */
+String GetCertificateCN(const boost::shared_ptr<X509>& certificate)
+{
+ return GetX509NameCN(X509_get_subject_name(certificate.get()));
+}
+
/**
* Retrieves an X509 certificate from the specified file.
*
ASN1_INTEGER_set(X509_get_serialNumber(cert), serial);
- X509_EXTENSION *ext;
X509V3_CTX ctx;
X509V3_set_ctx_nodb(&ctx);
X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
else
attr = "critical,CA:FALSE";
- ext = X509V3_EXT_conf_nid(NULL, &ctx, NID_basic_constraints, const_cast<char *>(attr));
+ X509_EXTENSION *basicConstraintsExt = X509V3_EXT_conf_nid(NULL, &ctx, NID_basic_constraints, const_cast<char *>(attr));
+
+ if (basicConstraintsExt) {
+ X509_add_ext(cert, basicConstraintsExt, -1);
+ X509_EXTENSION_free(basicConstraintsExt);
+ }
- if (ext)
- X509_add_ext(cert, ext, -1);
+ String cn = GetX509NameCN(subject);
- X509_EXTENSION_free(ext);
+ if (!cn.Contains(" ") && cn.Contains(".")) {
+ String san = "DNS:" + cn;
+ X509_EXTENSION *subjectAltNameExt = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_alt_name, const_cast<char *>(san.CStr()));
+ if (subjectAltNameExt) {
+ X509_add_ext(cert, subjectAltNameExt, -1);
+ X509_EXTENSION_free(subjectAltNameExt);
+ }
+ }
X509_sign(cert, cakey, EVP_sha256());
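Review bot: The new SAN value `"DNS:" + cn` is handed to `X509V3_EXT_conf_nid`, which parses it as a comma-separated extension config string, and the guard `!cn.Contains(" ") && cn.Contains(".")` does not reject a `,` in the CN, so such a CN would yield extra subjectAltName entries beyond the one intended. Where `subject` comes from is not visible in this hunk, but if it can carry requester-supplied text (for example from a CSR), the CA would be signing names it never validated. Restrict `cn` to hostname characters (letters, digits, `-`, `.`) before building the value, at minimum `if (!cn.Contains(" ") && !cn.Contains(",") && cn.Contains(".")) {`, or construct the `GENERAL_NAME` through the typed API instead of the config parser. Separately, `GetX509NameCN` returns `buffer` as a C string, so a CN containing an embedded NUL or longer than the 256-byte buffer is silently shortened before it becomes the SAN; comparing `rc` with `strlen(buffer)` and refusing on mismatch would close that. The enclosing function starts and ends outside this hunk, and the result of `X509_add_ext` is not checked, so a failure to attach the SAN would go unnoticed.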