From 12b5e562002a29643f91ca3db0a0462a97d2b576 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Mon, 8 Dec 2014 16:45:12 +0300 Subject: [PATCH] crypto: separate altname extensions with ", " In newly introduced `SafeX509ExtPrint` I forgot to insert separators between extensions, which lead to the "DNS:...DNS:..." thing for npm. Fix iojs/io.js#105 --- src/node_crypto.cc | 3 +++ test/fixtures/keys/0-dns-cert.pem | 23 ++++++++++++----------- test/simple/test-tls-0-dns-altname.js | 7 ++++++- 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 06651280bfeb45..9d4da66560fc54 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -1130,6 +1130,9 @@ static bool SafeX509ExtPrint(BIO* out, X509_EXTENSION* ext) { for (int i = 0; i < sk_GENERAL_NAME_num(names); i++) { GENERAL_NAME* gen = sk_GENERAL_NAME_value(names, i); + if (i != 0) + BIO_write(out, ", ", 2); + if (gen->type == GEN_DNS) { ASN1_IA5STRING* name = gen->d.dNSName; diff --git a/test/fixtures/keys/0-dns-cert.pem b/test/fixtures/keys/0-dns-cert.pem index 70171dc5d17163..6cfc6c43c460d7 100644 --- a/test/fixtures/keys/0-dns-cert.pem +++ b/test/fixtures/keys/0-dns-cert.pem @@ -1,18 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIC2jCCAcSgAwIBAgICJxEwCwYJKoZIhvcNAQEFMBUxEzARBgNVBAMWCm9oLm15 -Lmdvc2gwHxcNMTQxMTA1MDMyMDUyWhcOMzQwMTAzMTAzMjA1MlowEzERMA8GA1UE -AxYIZXZpbC5jb20wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIBCQKCAQCsFwwf1dsr +MIIC/zCCAemgAwIBAgICJxEwCwYJKoZIhvcNAQEFMBUxEzARBgNVBAMWCm9oLm15 +Lmdvc2gwHhcNMTQxMjA4MTM0MTUzWhcNMzQxMjAzMTM0MTUzWjATMREwDwYDVQQD +FghldmlsLmNvbTCCASAwCwYJKoZIhvcNAQEBA4IBDwAwggEKAoIBAQCsFwwf1dsr PdxyTHBreymbFGACLQtaOihGsSkYtIzUEF1aT90YDMzNdoLr4wkwWig5FPRMnjmX 7pXY9RVbWmwG/M2eku9S62LekUFkeY1W/QftV9LYgAg7wVDA+v3+zk/EMEqADYm6 W735tzDIKtvx+/3Dd9puQ0TLFNHBxAmTz7YNaJdIUqzs3DWT4zeZQj0RCOyWCjQL NfqQ80I7NYFYb4IJqiUY8iOTL5kPi7b5szem5EakQbhufDWun4xGTZk/URZHgYgp REbOLTYs2hqbK76biW/Yvwd1l7RsptIvJvkuQ1R/dO1WPv6PLKLTuS1EOHM3YqNH -o7wDSplOJe5rAgMBAAGhCQMHADEyMzQ1NqIJAwcANzg5YWJjoyYwJDAiBgNVHREB -AQAEGDAWghRnb29nbGUuY29tAC5ldmlsLmNvbTALBgkqhkiG9w0BAQEDggEBAHuf -1kxr49w51fC4nou96xj3IjcrJjOy5Aywn755enmaQ5Wh6AuVMHKqheITSbtoDT42 -jlIFJ3x+XmfenzV5ac8tawGNzJ+vy4+EYwL4QC11nZJ0FSLZ6KZgPI3lpShMy6Gs -bWFHDKrz6oivsitpUpeCK7aH1a7MVmr/G004vpVFe3OHggfyn9mHK3pCp0WIQuRl -PLiRgZSvryvOaf9cbVLvaUqcL480gcDVd4RGicBU52CeStocYeIHmPat1T+IOLFc -uv0VYQ4dzUfZ5c5YwwMPpHCVprxVR+grpZtd0su0bHDL5wETKBXEz8u2bmSORHgB -x2H+/2UOb6jab+IuQ08= +o7wDSplOJe5rAgMBAAGhCQMHADEyMzQ1NqIJAwcANzg5YWJjo0swSTBHBgNVHREE +QDA+ghRnb29nbGUuY29tAC5ldmlsLmNvbYIQanVzdC1hbm90aGVyLmNvbYcECAgI +CIcECAgEBIIIbGFzdC5jb20wCwYJKoZIhvcNAQEBA4IBAQBAC2n4CIXLnyONTjPc +qU0wu41wI+IQlb9mi0C7WEd9HumCbskahAp8vTs35DehnSxrl15FG0rABVtTROCv +eflBKuzwPjtnfZm37UIbQKQUtcxwMQ/zvA83w4GLrLvrFtaQRpXn/RtL/q4CIpQH +MGaPW1Gs24RVBHxI7OXf9UlUruB1yQLUbbtdBtxZ6pk/B32e3yWowbvG7OxuUL0F +1w4DD2m+GfbTyZSCfYKP/zMp3xhTxihVfZ2g07ufc51bNCftWKBLHM/QHJmn4pVo +rrz1vS9nMf/i16zrJ8Xmj61Eo4Aes37lAH5kUiT1VsNxSDcQCiqr1mcj6ByXKNCQ +wDzO -----END CERTIFICATE----- diff --git a/test/simple/test-tls-0-dns-altname.js b/test/simple/test-tls-0-dns-altname.js index 29ee7fcb4b615b..002a5ca3c1bf17 100644 --- a/test/simple/test-tls-0-dns-altname.js +++ b/test/simple/test-tls-0-dns-altname.js @@ -47,7 +47,12 @@ var server = tls.createServer({ }, function() { requests++; var cert = c.getPeerCertificate(); - assert.equal(cert.subjectaltname, 'DNS:google.com\0.evil.com'); + assert.equal(cert.subjectaltname, + 'DNS:google.com\0.evil.com, ' + + 'DNS:just-another.com, ' + + 'IP Address:8.8.8.8, '+ + 'IP Address:8.8.4.4, '+ + 'DNS:last.com'); c.write('ok'); }); });