Here is a patch for openssl-0.9.6b that adds support for IPv6 addresses
in subjectAltName. The new code requires getnameinfo() and
gethostbyname2() from "Basic Socket Interface Extensions for IPv6",
so I enclosed it in #ifdef IPV6ENABLED.
/Shoichi Sakane @ KAME project/
diff -rc openssl-0.9.6b/crypto/x509v3/v3_alt.c
openssl-0.9.6b.new/crypto/x509v3/v3_alt.c
*** openssl-0.9.6b/crypto/x509v3/v3_alt.c Thu Mar 1 22:33:53 2001
--- openssl-0.9.6b.new/crypto/x509v3/v3_alt.c Mon Aug 13 05:15:46 2001
***************
*** 1,3 ****
--- 1,4 ----
+ #define IPV6ENABLED
/* v3_alt.c */
/* Written by Dr Stephen N Henson ([EMAIL PROTECTED]) for the OpenSSL
* project 1999.
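Review bot: The `#define IPV6ENABLED` added as the first line of v3_alt.c turns the new code on unconditionally, so the `#else` fallback kept in the later hunks can never be compiled. The file then stops building on any platform that lacks getnameinfo() or gethostbyname2(). The macro should come from the build configuration instead (for example a compiler `-DIPV6ENABLED` set at configure time), with this line dropped from the source file.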
***************
*** 56,61 ****
--- 57,68 ----
*
*/
+ #ifdef IPV6ENABLED
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <netdb.h>
+ #endif
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/conf.h>
***************
*** 137,148 ****
--- 144,190 ----
case GEN_IPADD:
p = gen->d.ip->data;
+ #ifdef IPV6ENABLED
+ {
+ struct sockaddr_storage ss;
+ memset(&ss, 0, sizeof(ss));
+ switch (gen->d.ip->length) {
+ case 4:
+ {
+ /* supposed ipv4 address */
+ struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
+ sin->sin_len = sizeof(struct sockaddr_in);
+ sin->sin_family = AF_INET;
+ memcpy(&sin->sin_addr, p, gen->d.ip->length);
+ break;
+ }
+ case 16:
+ {
+ /* supposed ipv6 address */
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
+ sin6->sin6_len = sizeof(struct sockaddr_in6);
+ sin6->sin6_family = AF_INET6;
+ memcpy(&sin6->sin6_addr, p, gen->d.ip->length);
+ break;
+ }
+ default:
+ X509V3_add_value("IP Address","<invalid>", &ret);
+ return ret;
+ }
+ if (getnameinfo((struct sockaddr *)&ss, ss.ss_len,
+ oline, sizeof(oline), NULL, 0, NI_NUMERICHOST)) {
+ X509V3_add_value("IP Address","<invalid>", &ret);
+ break;
+ }
+ }
+ #else
/* BUG: doesn't support IPV6 */
if(gen->d.ip->length != 4) {
X509V3_add_value("IP Address","<invalid>", &ret);
break;
}
sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+ #endif
X509V3_add_value("IP Address",oline, &ret);
break;
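Review bot: `sin->sin_len`, `sin6->sin6_len` and `ss.ss_len` are members that only BSD-derived socket headers provide, so the IPV6ENABLED branch will not compile on systems whose sockaddr structures have no length field. Tracking the length in a local avoids depending on them: set `salen = sizeof(struct sockaddr_in);` or `salen = sizeof(struct sockaddr_in6);` in the two cases and call `getnameinfo((struct sockaddr *)&ss, salen, ...)`. The `default:` arm leaves through `return ret;` while the getnameinfo() failure path uses `break`; these are presumably equivalent, but the code after the outer switch is outside the hunk, so that should be confirmed. The declaration of `oline` is also not visible here, and `sizeof(oline)` bounds the write only if it is an array rather than a pointer.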
***************
*** 360,365 ****
--- 402,430 ----
gen->d.rid = obj;
type = GEN_RID;
} else if(!name_cmp(name, "IP")) {
+ #ifdef IPV6ENABLED
+ int af;
+ struct hostent *ent;
+
+ /* XXX if there is ':' in the name, supposed ipv6 address */
+ if (strchr(value, ':') == NULL)
+ af = AF_INET;
+ else
+ af = AF_INET6;
+
+ ent = gethostbyname2(value, af);
+ if (ent == NULL) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME, X509V3_R_BAD_IP_ADDRESS);
+ ERR_add_error_data(2, "value=", value);
+ goto err;
+ }
+ if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
+ !ASN1_STRING_set(gen->d.ip, ent->h_addr_list[0], ent->h_length)) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ type = GEN_IPADD;
+ #else
int i1,i2,i3,i4;
unsigned char ip[4];
if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
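Review bot: `gethostbyname2(value, af)` resolves names, so an `IP:` value that is not a numeric literal is handed to the resolver and whatever address comes back is written into the subjectAltName; the sscanf path it replaces accepted dotted-quad literals only. The call also returns a pointer to static storage, which is unsafe if extensions are parsed from several threads. Parsing with `inet_pton()` restricts the input to literals and never consults the resolver; it needs `<arpa/inet.h>` added in the include hunk. The `else if` chain this branch belongs to starts and ends outside the hunk.

```c
} else if(!name_cmp(name, "IP")) {
#ifdef IPV6ENABLED
	unsigned char ipbuf[16];
	int af, iplen;

	/* ':' in the value selects IPv6; only numeric literals are accepted */
	if (strchr(value, ':') == NULL) {
		af = AF_INET;
		iplen = 4;
	} else {
		af = AF_INET6;
		iplen = 16;
	}
	if (inet_pton(af, value, ipbuf) != 1) {
		/* ... unchanged: X509V3_R_BAD_IP_ADDRESS error and goto err ... */
	}
	if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
	   !ASN1_STRING_set(gen->d.ip, ipbuf, iplen)) {
		/* ... unchanged: ERR_R_MALLOC_FAILURE error and goto err ... */
	}
	/* ... unchanged: type = GEN_IPADD; and the #else branch ... */
```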
***************
*** 376,381 ****
--- 441,447 ----
goto err;
}
type = GEN_IPADD;
+ #endif
} else {
X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
ERR_add_error_data(2, "name=", name);