[crypto] Use fingerprint when no common name is available for debug messages

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 38acb2ac456c8475a2dc6f741bd2157f6435543b..fa361474247c66dd7e670588c6faac818e3a7050 100644 (file)
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -24,6 +24,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <errno.h>
 #include <assert.h>
 #include <ipxe/list.h>
+#include <ipxe/base16.h>
 #include <ipxe/asn1.h>
 #include <ipxe/crypto.h>
 #include <ipxe/md5.h>
@@ -120,14 +121,23 @@ FILE_LICENCE ( GPL2_OR_LATER );
  */
 const char * x509_name ( struct x509_certificate *cert ) {
        struct asn1_cursor *common_name = &cert->subject.common_name;
+       struct digest_algorithm *digest = &sha1_algorithm;
        static char buf[64];
+       uint8_t fingerprint[ digest->digestsize ];
        size_t len;
 
        len = common_name->len;
-       if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
-               len = ( sizeof ( buf ) - 1 /* NUL */ );
-       memcpy ( buf, common_name->data, len );
-       buf[len] = '\0';
+       if ( len ) {
+               /* Certificate has a commonName: use that */
+               if ( len > ( sizeof ( buf ) - 1 /* NUL */ ) )
+                       len = ( sizeof ( buf ) - 1 /* NUL */ );
+               memcpy ( buf, common_name->data, len );
+               buf[len] = '\0';
+       } else {
+               /* Certificate has no commonName: use SHA-1 fingerprint */
+               x509_fingerprint ( cert, digest, fingerprint );
+               base16_encode ( fingerprint, sizeof ( fingerprint ), buf );
+       }
        return buf;
 }