Unwrap subjectKeyIdentifier from OCTET_STRING
authorMartin Willi <martin@revosec.ch>
Wed, 26 May 2010 14:09:50 +0000 (16:09 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 26 May 2010 14:09:50 +0000 (16:09 +0200)
src/libstrongswan/plugins/openssl/openssl_x509.c

index 4515105..05b3c63 100644 (file)
@@ -666,10 +666,18 @@ static bool parse_authKeyIdentifier_ext(private_openssl_x509_t *this,
 static bool parse_subjectKeyIdentifier_ext(private_openssl_x509_t *this,
                                                                                   X509_EXTENSION *ext)
 {
-       free(this->subjectKeyIdentifier.ptr);
-       this->subjectKeyIdentifier = chunk_clone(openssl_asn1_str2chunk(
-                                                                                               X509_EXTENSION_get_data(ext)));
-       return TRUE;
+       chunk_t ostr;
+
+       ostr = openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext));
+       /* quick and dirty unwrap of octet string */
+       if (ostr.len > 2 &&
+               ostr.ptr[0] == V_ASN1_OCTET_STRING && ostr.ptr[1] == ostr.len - 2)
+       {
+               free(this->subjectKeyIdentifier.ptr);
+               this->subjectKeyIdentifier = chunk_clone(chunk_skip(ostr, 2));
+               return TRUE;
+       }
+       return FALSE;
 }
 
 /**
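Review bot: The hand-rolled unwrap at `ostr.ptr[1] == ostr.len - 2` accepts only a short-form DER length, so a subjectKeyIdentifier with more than 127 content bytes (long-form length) or with none (`04 00`, excluded by `ostr.len > 2`) now returns FALSE, where the old code returned TRUE unconditionally. Failing closed on anything unexpected is the right default here, but the "quick and dirty" comment does not tell the next reader what is rejected; it should say so, e.g. `/* unwrap OCTET STRING: short-form length only (1..127 content bytes), anything else is rejected */`. The caller is outside this hunk; if it treats FALSE as a fatal parse error, decoding with OpenSSL's `d2i_ASN1_OCTET_STRING()` would avoid rejecting certificates whose extension is validly encoded in long form.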