diff --git a/README b/README index 84fc8967b..d56ea71a3 100644 --- a/README +++ b/README @@ -339,17 +339,21 @@ modes for gpgsm, here is the entire list of ways to specify a key: * [NEW] Exact match by subject's DN This is indicated by a leading slash, directly followed by the - rfc2253 encoded DN of the subject. + rfc2253 encoded DN of the subject. Note that you can't use the + string printed by "gpgsm --list-keys" because that one as been + reordered and modified for better readability; use --with-colons to + print the raw (but standard escaped) rfc2253 string Example: - /CN=Henrich Heine,O=Poets,L=Paris,C=FR + /CN=Heinrich Heine,O=Poets,L=Paris,C=FR * [NEW] Excact match by issuer's DN This is indicated by a leading hash mark, directly followed by a slash and then directly followed by the rfc2253 encoded DN of the - issuer. This should return the Root cert of the issuer + issuer. This should return the Root cert of the issuer. See note + above. Example: @@ -359,7 +363,7 @@ modes for gpgsm, here is the entire list of ways to specify a key: This is indicated by a hash mark, followed by the hexadecmal representation of the serial number, the followed by a slahs and - the RFC2253 encoded DN of the issuer. + the RFC2253 encoded DN of the issuer. See note above. Example: diff --git a/sm/ChangeLog b/sm/ChangeLog index 8d39133ad..cdb613b1a 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,9 @@ +2004-01-29 Werner Koch + + * certdump.c (parse_dn_part): Map common OIDs to human readable + labels. Make sure that a value won't get truncated if it includes + a Nul. + 2004-01-28 Werner Koch * certchain.c (gpgsm_validate_chain): Changed the message printed diff --git a/sm/certdump.c b/sm/certdump.c index 505693973..26f3f7e2c 100644 --- a/sm/certdump.c +++ b/sm/certdump.c 
@@ -196,11 +196,31 @@ gpgsm_dump_cert (const char *text, ksba_cert_t cert) static const unsigned char * parse_dn_part (struct dn_array_s *array, const unsigned char *string) { + static struct { + const char *label; + const char *oid; + } label_map[] = { + /* Warning: When adding new labels, make sure that the buffer + below we be allocated large enough. */ + {"EMail", "1.2.840.113549.1.9.1" }, + {"T", "2.5.4.12" }, + {"GN", "2.5.4.42" }, + {"SN", "2.5.4.4" }, + {"NameDistinguisher", "0.2.262.1.10.7.20"}, + {"ADDR", "2.5.4.16" }, + {"BC", "2.5.4.15" }, + {"D", "2.5.4.13" }, + {"PostalCode", "2.5.4.17" }, + {"Pseudo", "2.5.4.65" }, + {"SerialNumber", "2.5.4.5" }, + {NULL, NULL} + }; const unsigned char *s, *s1; size_t n; unsigned char *p; + int i; - /* parse attributeType */ + /* Parse attributeType */ for (s = string+1; *s && *s != '='; s++) ; if (!*s) @@ -208,17 +228,25 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string) n = s - string; if (!n) return NULL; /* empty key */ - array->key = p = xtrymalloc (n+1); + + /* We need to allocate a few bytes more due to the possible mapping + from the shorter OID to the longer label. */ + array->key = p = xtrymalloc (n+10); if (!array->key) return NULL; memcpy (p, string, n); p[n] = 0; trim_trailing_spaces (p); - if ( !strcmp (p, "1.2.840.113549.1.9.1") ) - strcpy (p, "EMail"); - else if ( !strcmp (p, "0.2.262.1.10.7.20") ) - strcpy (p, "NameDistinguisher"); + if (digitp (p)) + { + for (i=0; label_map[i].label; i++ ) + if ( !strcmp (p, label_map[i].oid) ) + { + strcpy (p, label_map[i].label); + break; + } + } string = s + 1; if (*string == '#') 
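Review bot: The warning comment above the `label_map` entries does not state the constraint a maintainer has to keep, and it has a typo ("we be"). The buffer it refers to is the `xtrymalloc (n+10)` in the next hunk, so the rule is that no label may be more than 9 bytes longer than its OID. I would write `/* Warning: a label may be at most 9 bytes longer than its OID; see the n+10 allocation below. */`. The table is never written in the visible lines, so it can also be declared `static const struct`. parse_dn_part continues past the end of this hunk.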
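Review bot: The `strcpy (p, label_map[i].label)` stays in bounds only because every current label is at most 9 bytes longer than its OID, and nothing in the code checks that. All eleven entries satisfy it today, but a later entry with a longer label would overflow the `n+10` buffer while parsing a DN that comes from a certificate. I would make the bound explicit, e.g. `if (strlen (label_map[i].label) < n + 10) strcpy (p, label_map[i].label);`, or size the allocation from the longest label in the table. The function starts before and continues after this hunk.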
@@ -228,13 +256,18 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
 s++;
 n = s - string;
 if (!n || (n & 1))
- return NULL; /* empty or odd number of digits */
+ return NULL; /* Empty or odd number of digits. */
 n /= 2;
 array->value = p = xtrymalloc (n+1);
 if (!p)
 return NULL;
- for (s1=string; n; s1 += 2, n--)
- *p++ = xtoi_2 (s1);
+ for (s1=string; n; s1 += 2, n--, p++)
+ {
+ *p = xtoi_2 (s1);
+ if (!*p)
+ *p = 0x01; /* Better print a wrong value than truncating
+ the string. */
+ }
 *p = 0;
 }
 else
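Review bot: Replacing a decoded Nul with 0x01 in the `#`-hexstring branch keeps the string from being truncated, but it makes the result ambiguous and hides the Nul from whoever reads the output. A value that really contains 0x01 now looks the same as one that contained a Nul, and an embedded Nul in a DN is something a person inspecting a certificate would want to notice. If `array->value` is only used for display (the callers are not visible here), say so at the assignment, e.g. `/* Display only: an embedded Nul is shown as 0x01; do not compare this value. */`; otherwise consider returning NULL for such a value. The enclosing function begins and ends outside the hunk.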