> From: owner-openssl-us...@openssl.org On Behalf Of shailesh durgapal
> Sent: Tuesday, 16 October, 2012 17:14

> I am seeing inconsistent values returned from BIO_read for 
> different IP addresses. My certificate has:
> X509v3 extensions:
>             X509v3 Subject Alternative Name:
>                 IP Address:10.112.245.153
> 
> The code looks something like:
> 
> static int sslPrintf(BIO * bio, const char * format, ...)
> {
>   va_list args;
>   va_start(args, format);
>   BIO_vprintf(bio, format, args);
>   va_end(args);
> }
> 
> int getSubjectAltName(X509 * certificate)
> {
>   GENERAL_NAMES      * subjectAltNames = NULL;
>   GENERAL_NAME * pName           = NULL;
>   subjectAltNames = (GENERAL_NAMES *)
>            (X509_get_ext_d2i(certificate, NID_subject_alt_name, &pos_san, NULL));
>   numAltNames = sk_num((STACK *)subjectAltNames);
>   
>   for (idx = 0; idx < numAltNames; ++idx)
>   {
>     pName = (GENERAL_NAME *) sk_value((STACK *)subjectAltNames, idx);
>     switch (pName->type) 
>     {
>        case GEN_IPADD:
>        {
>          const unsigned char* data = (pName->d.iPAddress)->data;
>          BIO_METHOD * bm  = BIO_s_mem();
>          BIO        * bio = BIO_new(bm);
>          if (length == 4)
>          {
>             sslPrintf(bio, "%d %d %d %d", data[0], data[1], data[2], data[3]);
>          }

Where did length come from? You need (genname)->d.iPAddress->length.
If length is a global variable, probably some/most of the time it 
doesn't happen to contain 4 so you don't write *anything* to the BIO 

>          for (;;)
>          {
>             i = BIO_read(bio, buf, sizeof(buf));
>             if (i < 0) break;
>          }

in which you don't read anything back either, and just leave whatever
is in buf. Did you check i here?

>        } //case
>      } //switch
>    }
> buf, in gdb, shows 245 153 0 0 
> 
> If I recreate the cert with IP=10.129.245.153, buf is 153 0 0 0.
> For IP=10.230.245.153, the buf shows correctly as 10 230 245 153.
> 
> This piece of code of printing the IP is based on 
> GENERAL_NAME_print() in v3_alt.c
> My goal here is to get the IP address (v4 and v6) in a char 
> buf. Any ideas on what is going on? Suggestions?
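
An added example, not code from the original thread or from OpenSSL: one way to turn the raw iPAddress bytes into a char buffer for both IPv4 and IPv6, driven by the OCTET STRING's own length as the reply points out. The function name san_ip_to_string is hypothetical, and the byte arrays in main are constructed sample input.

```c
#include <arpa/inet.h>   /* inet_ntop, INET6_ADDRSTRLEN */
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>  /* AF_INET, AF_INET6, socklen_t */

/*
 * Format the raw bytes of a subjectAltName iPAddress entry as text.
 * With OpenSSL the caller would pass pName->d.iPAddress->data and
 * pName->d.iPAddress->length, never a length taken from elsewhere.
 * Returns 0 on success. Returns -1 and leaves out as an empty string
 * when the length is not 4 (IPv4) or 16 (IPv6) or out is too small,
 * so the caller can never read stale buffer contents as an address.
 * san_ip_to_string is a hypothetical helper name.
 */
int san_ip_to_string(const unsigned char *data, int length,
                     char *out, size_t outlen)
{
    int family;

    if (data == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    if (length == 4)
        family = AF_INET;
    else if (length == 16)
        family = AF_INET6;
    else
        return -1;              /* malformed or unsupported entry */

    if (inet_ntop(family, data, out, (socklen_t)outlen) == NULL) {
        out[0] = '\0';          /* buffer too small for the text form */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: the bytes of 10.112.245.153 from the post. */
    const unsigned char v4[4] = { 10, 112, 245, 153 };
    char buf[INET6_ADDRSTRLEN];

    if (san_ip_to_string(v4, 4, buf, sizeof buf) == 0)
        printf("%s\n", buf);
    return 0;
}
```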

