Hallo Sandrino

Please replace the following function in config.c and let me know how
it works for you.

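/*
 * 130 == 0x82 is the DER tag of a GeneralName dNSName: context-specific
 * class (0x80), primitive, tag number [2].  It is an ASN.1 tag, not an
 * OID (in recent mbedTLS the same value is spelled
 * MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME).
 */
enum { SAN_TAG_DNSNAME = 130 };

/*
 * ERE metacharacters that must be escaped when a certificate name is
 * turned into a pattern.  '*' is not listed: it is the wildcard label.
 */
static const char regex_meta[] = ".[](){}\\^$|?+";

/*
 * Turn one certificate name (subject CN or dNSName SAN) into an anchored,
 * case-insensitive extended regex and append the compiled regex_t to hosts.
 *
 * The pattern built is "^name$": every '*' becomes "[^.]+" (exactly one
 * label), every other ERE metacharacter is backslash-escaped.  Anchoring
 * matters because the pattern is later matched against a client-supplied
 * SNI name; without it "www\.example\.com" would also match
 * "www.example.com.evil" as a substring.
 *
 * hosts:    UT_array of regex_t; the element is pushed by value (the icd
 *           has no copy hook), so nothing is left on the heap here.
 * name:     the raw DER string; NUL bytes are rejected rather than
 *           silently truncating the pattern.
 * filename: only used for error messages.
 * Calls fatal() (which does not return) on any malformed or oversized name.
 */
static void
add_host_pattern(UT_array *hosts, const mbedtls_asn1_buf *name,
    const char *filename)
{
    char        buf[NI_MAXHOST];
    size_t      i, j = 0;
    regex_t     one_host;

    buf[j++] = '^';
    for(i = 0; i < name->len; i++) {
        unsigned char   c = name->p[i];

        /* worst case growth per input byte is "[^.]+" (5); keep room for "$" and NUL */
        if(j + 5 + 2 > sizeof(buf))
            fatal("Certificate in %s: host name too long", filename);
        if(c == '\0')
            fatal("Certificate in %s: embedded NUL in host name", filename);
        if(c == '*') {
            memcpy(buf + j, "[^.]+", 5);
            j += 5;
        } else if(strchr(regex_meta, c) != NULL) {
            buf[j++] = '\\';
            buf[j++] = (char)c;
        } else
            buf[j++] = (char)c;
    }
    buf[j++] = '$';
    buf[j] = '\0';
    logmsg(4, "get_one add pattern %s %s:%d", buf, __FILE__, __LINE__);
    if(regcomp(&one_host, buf, REG_ICASE | REG_EXTENDED))
        fatal("Certificate in %s: bad host name pattern %s", filename, buf);
    utarray_push_back(hosts, &one_host);
}

/*
 * Load the certificate chain and private key from filename and build the
 * list of host-name patterns that select this SNI entry.
 *
 * Only the certificate in the chain whose public key matches the private
 * key contributes names; its subject CN and every dNSName SAN become one
 * compiled regex each (see add_host_pattern()).  The patterns are
 * collected in a temporary UT_array and copied into res->host exactly
 * once, after the whole chain has been walked, so res->host and
 * res->host_len are always initialised (NULL/0 when no certificate
 * matched the key) and the temporary array is freed exactly once.
 *
 * filename: path of a file holding both certificate(s) and key.
 * Returns a heap-allocated SNI owned by the caller; every failure goes
 * through fatal() and does not return.
 */
static SNI *
get_one(char *filename)
{
    SNI         *res;
    mbedtls_x509_crt    *cur;
    mbedtls_x509_name   *nd;
    mbedtls_x509_sequence   *san;
    UT_array    *hosts;
    UT_icd      regex_icd = {sizeof(regex_t), NULL, NULL, NULL};
    size_t      i, n;

    logmsg(1, "start get_one(%s) %s:%d", filename, __FILE__, __LINE__);
    if((res = malloc(sizeof(*res))) == NULL)
        fatal("SNI: out of memory");
    /* defined state even if no certificate in the file matches the key */
    res->host = NULL;
    res->host_len = 0;
    mbedtls_x509_crt_init(&res->certificate);
    if(mbedtls_x509_crt_parse_file(&res->certificate, filename))
        fatal("SNI: can't read certificate %s", filename);
    mbedtls_pk_init(&res->key);
    if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL))
        fatal("SNI: can't read key %s", filename);

    utarray_new(hosts, &regex_icd);
    for(cur = &res->certificate; cur != NULL; cur = cur->next) {
        /* intermediates in the chain carry other keys: skip their names */
        if(mbedtls_pk_check_pair(&cur->pk, &res->key))
            continue;
        for(nd = &cur->subject; nd != NULL; nd = nd->next)
            if(MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &nd->oid) == 0)
                add_host_pattern(hosts, &nd->val, filename);
        for(san = &cur->subject_alt_names; san != NULL; san = san->next)
            if(san->buf.tag == SAN_TAG_DNSNAME)
                add_host_pattern(hosts, &san->buf, filename);
    }

    /* copy out once, after the loop: the regex_t values are shallow copies,
     * the UT_array storage is released here and nothing else refers to it */
    n = utarray_len(hosts);
    if(n > 0) {
        if((res->host = calloc(n, sizeof(*res->host))) == NULL)
            fatal("SNI: out of memory");
        for(i = 0; i < n; i++)
            res->host[i] = *((regex_t *)utarray_eltptr(hosts, i));
        res->host_len = utarray_len(hosts);
    } else
        logmsg(1, "get_one: no host names in %s belong to its key %s:%d",
            filename, __FILE__, __LINE__);
    utarray_free(hosts);
    logmsg(4, "get_one: added %d patterns %s:%d", res->host_len,
        __FILE__, __LINE__);
    return res;
}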

-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-32-512 30 19


-- 
pound mailing list
[email protected]
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
