Fix extract_x509_field_ssl for external objects, v2

Only fields known to OpenSSL have a NID. OBJ_txt2obj allows specifying fields by numeric OID. Signed-off-by: Hristo Venev <hristo@venev.name> Acked-by: Steffan Karger <steffan@karger.me> Message-Id: <1493853048.30207.1.camel@venev.name> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14535.html Signed-off-by: David Sommerseth <davids@openvpn.net>
2024-11-27 19:53:51 +08:00 · 2017-05-04 00:10:48 +01:00 · 2017-05-04 00:10:48 +01:00 · 69311687da
commit 69311687da
parent 7ad9177601
1 changed files with 10 additions and 2 deletions
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@ -191,16 +191,24 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out,
    X509_NAME_ENTRY *x509ne = 0;
    ASN1_STRING *asn1 = 0;
    unsigned char *buf = NULL;
-    int nid = OBJ_txt2nid(field_name);
+    ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0);
+
+    if (field_name_obj == NULL)
+    {
+        msg(D_TLS_ERRORS, "Invalid X509 attribute name '%s'", field_name);
+        return FAILURE;
+    }

    ASSERT(size > 0);
    *out = '\0';
    do
    {
        lastpos = tmp;
-        tmp = X509_NAME_get_index_by_NID(x509, nid, lastpos);
+        tmp = X509_NAME_get_index_by_OBJ(x509, field_name_obj, lastpos);
    } while (tmp > -1);

+    ASN1_OBJECT_free(field_name_obj);
+
    /* Nothing found */
    if (lastpos == -1)
    {