x509: allow empty DNs on parsing for subject DNs

diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 5f20a75051acf4af8ac4d6f73fbe2f29214f72b7..483b6e8d960c63f7417d24dcfabe95acb64e67d5 100644 (file)
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -210,7 +210,7 @@ gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, char *buf,
 
        return _gnutls_x509_parse_dn(crl->crl,
                                     "tbsCertList.issuer.rdnSequence",
-                                    buf, sizeof_buf);
+                                    buf, sizeof_buf, 0);
 }
 
 /**

diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index b3a04e7b472481909bd2b42308054b340e1b3540..faf6443bb5e5c505a127cc1b80e3f15dd028afba 100644 (file)
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -269,7 +269,7 @@ gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf, size_t * buf_size)
 
        return _gnutls_x509_parse_dn(crq->crq,
                                     "certificationRequestInfo.subject.rdnSequence",
-                                    buf, buf_size);
+                                    buf, buf_size, 1);
 }
 
 /**

diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 5e6242698c3446e39db6872ff2c48342eaf81e61..5e0b7026ffe3ccb4b7ca2efb89467d513ae280b9 100644 (file)
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -227,7 +227,7 @@ _gnutls_x509_get_dn(ASN1_TYPE asn1_struct,
 int
 _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
                      const char *asn1_rdn_name, char *buf,
-                     size_t * buf_size)
+                     size_t * buf_size, unsigned allow_empty)
 {
        int ret;
        gnutls_datum_t dn = {NULL, 0};
@@ -243,8 +243,14 @@ _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
                *buf_size = 0;
 
        ret = _gnutls_x509_get_dn(asn1_struct, asn1_rdn_name, &dn);
-       if (ret < 0)
+       if (ret < 0) {
+               if (allow_empty && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+                       gnutls_assert();
+                       *buf_size = 0;
+                       return 0;
+               }
                return gnutls_assert_val(ret);
+       }
 
        if (dn.size >= (unsigned int) *buf_size) {
                gnutls_assert();
@@ -864,7 +870,7 @@ gnutls_x509_rdn_get(const gnutls_datum_t * idn,
                return _gnutls_asn2err(result);
        }
 
-       result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, buf_size);
+       result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, buf_size, 0);
 
        asn1_delete_structure(&dn);
        return result;

diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 92db9b6aad581af5b9d47fb16894832b5a522510..b52b94f9156de08c4165257427664cadf47032a4 100644 (file)
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -1123,7 +1123,7 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
 
        ret = _gnutls_x509_parse_dn
            (resp->basicresp, "tbsResponseData.responderID.byName",
-            NULL, &l);
+            NULL, &l, 0);
        if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
                if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
                        return 0; /* for backwards compatibility */
@@ -1139,7 +1139,7 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
 
        ret = _gnutls_x509_parse_dn
            (resp->basicresp, "tbsResponseData.responderID.byName",
-            (char *) dn->data, &l);
+            (char *) dn->data, &l, 0);
        if (ret != GNUTLS_E_SUCCESS) {
                gnutls_assert();
                return ret;

diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 8d76f0df8dad012df4cb615db60da7a3071441dd..ef27a68d38309c1e37266ba0221024cce889fe1c 100644 (file)
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -496,7 +496,7 @@ gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf,
 
        return _gnutls_x509_parse_dn(cert->cert,
                                     "tbsCertificate.issuer.rdnSequence",
-                                    buf, buf_size);
+                                    buf, buf_size, 0);
 }
 
 /**
@@ -640,7 +640,7 @@ gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
 
        return _gnutls_x509_parse_dn(cert->cert,
                                     "tbsCertificate.subject.rdnSequence",
-                                    buf, buf_size);
+                                    buf, buf_size, 1);
 }
 
 /**

diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 2c275f4b456801bc9cf6be034ea132687423c4be..31475f06784d654c26aa72bab96f88a5479f852e 100644 (file)
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -160,7 +160,7 @@ int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
 
 int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
                          const char *asn1_rdn_name, char *buf,
-                         size_t * sizeof_buf);
+                         size_t * sizeof_buf, unsigned allow_empty);
 
 int
 _gnutls_x509_get_dn(ASN1_TYPE asn1_struct,