Ensure space for name string. Reset policy count.

Only set the name string in one place, keeping a length of the name type
to copy. Also only move cert data index once.
Reset certificate extension policy number/count in case of malicious
cert with multiple policy extensions.
pull/2571/head
Sean Parkinson 2019-11-07 12:46:57 +10:00
parent b2270a068f
commit c06efb6c1f
3 changed files with 95 additions and 144 deletions


@ -27628,14 +27628,7 @@ static void test_wolfSSL_X509_print()
AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
#ifdef WOLFSSL_WPAS
/* WPAS adds extra "="" */
/* WPAS Issuer: /C==US/ST==Montana/L==Bozeman/O==Sawtooth/... */
/* NORM Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/... */
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3230);
#else
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3212); AssertIntEQ(BIO_get_mem_data(bio, NULL), 3212);
#endif
BIO_free(bio); BIO_free(bio);
/* print to stdout */ /* print to stdout */


@ -4943,6 +4943,10 @@ static int GetName(DecodedCert* cert, int nameType)
byte joint[3]; byte joint[3];
byte tooBig = FALSE; byte tooBig = FALSE;
int oidSz; int oidSz;
const char* copy = NULL;
int copyLen = 0;
int strLen = 0;
byte id = 0;
if (GetSet(cert->source, &cert->srcIdx, &dummy, cert->maxIdx) < 0) { if (GetSet(cert->source, &cert->srcIdx, &dummy, cert->maxIdx) < 0) {
WOLFSSL_MSG("Cert name lacks set header, trying sequence"); WOLFSSL_MSG("Cert name lacks set header, trying sequence");
@ -4963,10 +4967,6 @@ static int GetName(DecodedCert* cert, int nameType)
/* v1 name types */ /* v1 name types */
if (joint[0] == 0x55 && joint[1] == 0x04) { if (joint[0] == 0x55 && joint[1] == 0x04) {
const char* copy = NULL;
int strLen = 0;
byte id;
cert->srcIdx += 3; cert->srcIdx += 3;
id = joint[2]; id = joint[2];
if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen, if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen,
@ -4974,12 +4974,6 @@ static int GetName(DecodedCert* cert, int nameType)
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if ( (strLen + 14) > (int)(ASN_NAME_MAX - idx)) {
/* include biggest pre fix header too 4 = "/serialNumber=" */
WOLFSSL_MSG("ASN Name too big, skipping");
tooBig = TRUE;
}
if (id == ASN_COMMON_NAME) { if (id == ASN_COMMON_NAME) {
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectCN = (char *)&cert->source[cert->srcIdx]; cert->subjectCN = (char *)&cert->source[cert->srcIdx];
@ -4988,6 +4982,7 @@ static int GetName(DecodedCert* cert, int nameType)
} }
copy = WOLFSSL_COMMON_NAME; copy = WOLFSSL_COMMON_NAME;
copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->cnIdx = cert->srcIdx; dName->cnIdx = cert->srcIdx;
dName->cnLen = strLen; dName->cnLen = strLen;
@ -4995,6 +4990,7 @@ static int GetName(DecodedCert* cert, int nameType)
} }
else if (id == ASN_SUR_NAME) { else if (id == ASN_SUR_NAME) {
copy = WOLFSSL_SUR_NAME; copy = WOLFSSL_SUR_NAME;
copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectSN = (char*)&cert->source[cert->srcIdx]; cert->subjectSN = (char*)&cert->source[cert->srcIdx];
@ -5009,6 +5005,7 @@ static int GetName(DecodedCert* cert, int nameType)
} }
else if (id == ASN_COUNTRY_NAME) { else if (id == ASN_COUNTRY_NAME) {
copy = WOLFSSL_COUNTRY_NAME; copy = WOLFSSL_COUNTRY_NAME;
copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectC = (char*)&cert->source[cert->srcIdx]; cert->subjectC = (char*)&cert->source[cert->srcIdx];
@ -5023,6 +5020,7 @@ static int GetName(DecodedCert* cert, int nameType)
} }
else if (id == ASN_LOCALITY_NAME) { else if (id == ASN_LOCALITY_NAME) {
copy = WOLFSSL_LOCALITY_NAME; copy = WOLFSSL_LOCALITY_NAME;
copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectL = (char*)&cert->source[cert->srcIdx]; cert->subjectL = (char*)&cert->source[cert->srcIdx];
@ -5037,6 +5035,7 @@ static int GetName(DecodedCert* cert, int nameType)
} }
else if (id == ASN_STATE_NAME) { else if (id == ASN_STATE_NAME) {
copy = WOLFSSL_STATE_NAME; copy = WOLFSSL_STATE_NAME;
copyLen = sizeof(WOLFSSL_STATE_NAME) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectST = (char*)&cert->source[cert->srcIdx]; cert->subjectST = (char*)&cert->source[cert->srcIdx];
@ -5051,6 +5050,7 @@ static int GetName(DecodedCert* cert, int nameType)
} }
else if (id == ASN_ORG_NAME) { else if (id == ASN_ORG_NAME) {
copy = WOLFSSL_ORG_NAME; copy = WOLFSSL_ORG_NAME;
copyLen = sizeof(WOLFSSL_ORG_NAME) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectO = (char*)&cert->source[cert->srcIdx]; cert->subjectO = (char*)&cert->source[cert->srcIdx];
@ -5065,6 +5065,7 @@ static int GetName(DecodedCert* cert, int nameType)
} }
else if (id == ASN_ORGUNIT_NAME) { else if (id == ASN_ORGUNIT_NAME) {
copy = WOLFSSL_ORGUNIT_NAME; copy = WOLFSSL_ORGUNIT_NAME;
copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectOU = (char*)&cert->source[cert->srcIdx]; cert->subjectOU = (char*)&cert->source[cert->srcIdx];
@ -5079,6 +5080,7 @@ static int GetName(DecodedCert* cert, int nameType)
} }
else if (id == ASN_SERIAL_NUMBER) { else if (id == ASN_SERIAL_NUMBER) {
copy = WOLFSSL_SERIAL_NUMBER; copy = WOLFSSL_SERIAL_NUMBER;
copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectSND = (char*)&cert->source[cert->srcIdx]; cert->subjectSND = (char*)&cert->source[cert->srcIdx];
@ -5094,6 +5096,7 @@ static int GetName(DecodedCert* cert, int nameType)
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
else if (id == ASN_BUS_CAT) { else if (id == ASN_BUS_CAT) {
copy = WOLFSSL_BUS_CAT; copy = WOLFSSL_BUS_CAT;
copyLen = sizeof(WOLFSSL_BUS_CAT) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectBC = (char*)&cert->source[cert->srcIdx]; cert->subjectBC = (char*)&cert->source[cert->srcIdx];
@ -5107,24 +5110,6 @@ static int GetName(DecodedCert* cert, int nameType)
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
} }
#endif /* WOLFSSL_CERT_EXT */ #endif /* WOLFSSL_CERT_EXT */
if (copy && !tooBig) {
XMEMCPY(&full[idx], copy, XSTRLEN(copy));
idx += (word32)XSTRLEN(copy);
#ifdef WOLFSSL_WPAS
full[idx] = '=';
idx++;
#endif
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
idx += strLen;
#if defined(OPENSSL_EXTRA)
if (count < DOMAIN_COMPONENT_MAX) {
/* store order that DN was parsed */
dName->loc[count++] = id;
}
#endif
}
cert->srcIdx += strLen;
} }
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
else if ((0 == XMEMCMP(&cert->source[cert->srcIdx], ASN_JOI_PREFIX, else if ((0 == XMEMCMP(&cert->source[cert->srcIdx], ASN_JOI_PREFIX,
@ -5134,10 +5119,6 @@ static int GetName(DecodedCert* cert, int nameType)
(cert->source[cert->srcIdx + XSTRLEN(ASN_JOI_PREFIX)] == (cert->source[cert->srcIdx + XSTRLEN(ASN_JOI_PREFIX)] ==
ASN_JOI_ST))) ASN_JOI_ST)))
{ {
int strLen;
byte id;
const char* copy = NULL;
cert->srcIdx += 10; cert->srcIdx += 10;
id = cert->source[cert->srcIdx++]; id = cert->source[cert->srcIdx++];
b = cert->source[cert->srcIdx++]; /* encoding */ b = cert->source[cert->srcIdx++]; /* encoding */
@ -5146,14 +5127,10 @@ static int GetName(DecodedCert* cert, int nameType)
cert->maxIdx) < 0) cert->maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if ((strLen + strlen(WOLFSSL_JOI_ST)) > (ASN_NAME_MAX - idx)) {
WOLFSSL_MSG("ASN Name too big, skipping");
tooBig = TRUE;
}
/* Check for jurisdiction of incorporation country name */ /* Check for jurisdiction of incorporation country name */
if (id == ASN_JOI_C) { if (id == ASN_JOI_C) {
copy = WOLFSSL_JOI_C; copy = WOLFSSL_JOI_C;
copyLen = sizeof(WOLFSSL_JOI_C) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectJC = (char*)&cert->source[cert->srcIdx]; cert->subjectJC = (char*)&cert->source[cert->srcIdx];
@ -5170,6 +5147,7 @@ static int GetName(DecodedCert* cert, int nameType)
/* Check for jurisdiction of incorporation state name */ /* Check for jurisdiction of incorporation state name */
else if (id == ASN_JOI_ST) { else if (id == ASN_JOI_ST) {
copy = WOLFSSL_JOI_ST; copy = WOLFSSL_JOI_ST;
copyLen = sizeof(WOLFSSL_JOI_ST) - 1;
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectJS = (char*)&cert->source[cert->srcIdx]; cert->subjectJS = (char*)&cert->source[cert->srcIdx];
@ -5183,35 +5161,21 @@ static int GetName(DecodedCert* cert, int nameType)
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
} }
if ((copy != NULL) && (tooBig != 1)) { if ((strLen + copyLen) > (int)(ASN_NAME_MAX - idx)) {
XMEMCPY(&full[idx], copy, XSTRLEN(copy)); WOLFSSL_MSG("ASN Name too big, skipping");
idx += (word32)XSTRLEN(copy); tooBig = TRUE;
#ifdef WOLFSSL_WPAS
full[idx] = '=';
idx++;
#endif
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
idx += strLen;
#if defined(OPENSSL_EXTRA)
if (count < DOMAIN_COMPONENT_MAX) {
/* store order that DN was parsed */
dName->loc[count++] = id;
} }
#endif
}
cert->srcIdx += strLen;
} }
#endif /* WOLFSSL_CERT_EXT */ #endif /* WOLFSSL_CERT_EXT */
else { else {
/* skip */ /* skip */
byte email = FALSE; byte email = FALSE;
byte pilot = FALSE; byte pilot = FALSE;
byte id = 0;
int adv;
if (joint[0] == 0x2a && joint[1] == 0x86) /* email id hdr */ if (joint[0] == 0x2a && joint[1] == 0x86) { /* email id hdr */
id = ASN_EMAIL_NAME;
email = TRUE; email = TRUE;
}
if (joint[0] == 0x9 && joint[1] == 0x92) { /* uid id hdr */ if (joint[0] == 0x9 && joint[1] == 0x92) { /* uid id hdr */
/* last value of OID is the type of pilot attribute */ /* last value of OID is the type of pilot attribute */
@ -5221,33 +5185,34 @@ static int GetName(DecodedCert* cert, int nameType)
cert->srcIdx += oidSz + 1; cert->srcIdx += oidSz + 1;
if (GetLength(cert->source, &cert->srcIdx, &adv, cert->maxIdx) < 0) if (GetLength(cert->source, &cert->srcIdx, &strLen,
cert->maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (adv > (int)(ASN_NAME_MAX - idx)) { if (strLen > (int)(ASN_NAME_MAX - idx)) {
WOLFSSL_MSG("ASN name too big, skipping"); WOLFSSL_MSG("ASN name too big, skipping");
tooBig = TRUE; tooBig = TRUE;
} }
if (email) { if (email) {
if ( (14 + adv) > (int)(ASN_NAME_MAX - idx)) { copyLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1;
if ((copyLen + strLen) > (int)(ASN_NAME_MAX - idx)) {
WOLFSSL_MSG("ASN name too big, skipping"); WOLFSSL_MSG("ASN name too big, skipping");
tooBig = TRUE; tooBig = TRUE;
} }
if (!tooBig) { else {
XMEMCPY(&full[idx], "/emailAddress=", 14); copy = WOLFSSL_EMAIL_ADDR;
idx += 14;
} }
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) { if (nameType == SUBJECT) {
cert->subjectEmail = (char*)&cert->source[cert->srcIdx]; cert->subjectEmail = (char*)&cert->source[cert->srcIdx];
cert->subjectEmailLen = adv; cert->subjectEmailLen = strLen;
} }
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->emailIdx = cert->srcIdx; dName->emailIdx = cert->srcIdx;
dName->emailLen = adv; dName->emailLen = strLen;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
{ {
@ -5260,74 +5225,45 @@ static int GetName(DecodedCert* cert, int nameType)
return MEMORY_E; return MEMORY_E;
} }
emailName->type = 0; emailName->type = 0;
emailName->name = (char*)XMALLOC(adv + 1, emailName->name = (char*)XMALLOC(strLen + 1,
cert->heap, DYNAMIC_TYPE_ALTNAME); cert->heap, DYNAMIC_TYPE_ALTNAME);
if (emailName->name == NULL) { if (emailName->name == NULL) {
WOLFSSL_MSG("\tOut of Memory"); WOLFSSL_MSG("\tOut of Memory");
XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME); XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E; return MEMORY_E;
} }
emailName->len = adv; emailName->len = strLen;
XMEMCPY(emailName->name, XMEMCPY(emailName->name, &cert->source[cert->srcIdx],
&cert->source[cert->srcIdx], adv); strLen);
emailName->name[adv] = '\0'; emailName->name[strLen] = '\0';
emailName->next = cert->altEmailNames; emailName->next = cert->altEmailNames;
cert->altEmailNames = emailName; cert->altEmailNames = emailName;
} }
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
if (!tooBig) {
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
idx += adv;
#if defined(OPENSSL_EXTRA)
if (count < DOMAIN_COMPONENT_MAX) {
/* store order that DN was parsed */
dName->loc[count++] = ASN_EMAIL_NAME;
}
#endif
}
} }
if (pilot) { if (pilot) {
if ( (5 + adv) > (int)(ASN_NAME_MAX - idx)) {
WOLFSSL_MSG("ASN name too big, skipping");
tooBig = TRUE;
}
if (!tooBig) {
switch (id) { switch (id) {
case ASN_USER_ID: case ASN_USER_ID:
XMEMCPY(&full[idx], "/UID=", 5); copy = WOLFSSL_USER_ID;
idx += 5; copyLen = sizeof(WOLFSSL_USER_ID) - 1;
#if defined(OPENSSL_EXTRA) || \ #if defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL) defined(OPENSSL_EXTRA_X509_SMALL)
dName->uidIdx = cert->srcIdx; dName->uidIdx = cert->srcIdx;
dName->uidLen = adv; dName->uidLen = strLen;
#ifdef OPENSSL_EXTRA
if (count < DOMAIN_COMPONENT_MAX) {
/* store order that DN was parsed */
dName->loc[count++] = ASN_USER_ID;
}
#endif
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
break; break;
case ASN_DOMAIN_COMPONENT: case ASN_DOMAIN_COMPONENT:
XMEMCPY(&full[idx], "/DC=", 4); copy = WOLFSSL_DOMAIN_COMPONENT;
idx += 4; copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
#if defined(OPENSSL_EXTRA) || \ #if defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL) defined(OPENSSL_EXTRA_X509_SMALL)
dName->dcIdx[dcnum] = cert->srcIdx; dName->dcIdx[dcnum] = cert->srcIdx;
dName->dcLen[dcnum] = adv; dName->dcLen[dcnum] = strLen;
dName->dcNum = dcnum + 1; dName->dcNum = dcnum + 1;
dcnum++; dcnum++;
#ifdef OPENSSL_EXTRA
if (count < DOMAIN_COMPONENT_MAX) {
/* store order that DN was parsed */
dName->loc[count++] = ASN_DOMAIN_COMPONENT;
}
#endif
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
break; break;
@ -5335,13 +5271,27 @@ static int GetName(DecodedCert* cert, int nameType)
WOLFSSL_MSG("Unknown pilot attribute type"); WOLFSSL_MSG("Unknown pilot attribute type");
return ASN_PARSE_E; return ASN_PARSE_E;
} }
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
idx += adv;
} }
} }
if ((copyLen + strLen) > (int)(ASN_NAME_MAX - idx))
{
WOLFSSL_MSG("ASN Name too big, skipping");
tooBig = TRUE;
}
if ((copy != NULL) && !tooBig) {
XMEMCPY(&full[idx], copy, copyLen);
idx += copyLen;
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
idx += strLen;
cert->srcIdx += adv; #ifdef OPENSSL_EXTRA
if (count < DOMAIN_COMPONENT_MAX) {
/* store order that DN was parsed */
dName->loc[count++] = id;
} }
#endif
}
cert->srcIdx += strLen;
} }
full[idx++] = 0; full[idx++] = 0;
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
@ -7757,6 +7707,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
WOLFSSL_ENTER("DecodeCertPolicy"); WOLFSSL_ENTER("DecodeCertPolicy");
#if defined(WOLFSSL_CERT_EXT)
cert->extCertPoliciesNb = 0;
#endif
if (GetSequence(input, &idx, &total_length, sz) < 0) { if (GetSequence(input, &idx, &total_length, sz) < 0) {
WOLFSSL_MSG("\tGet CertPolicy total seq failed"); WOLFSSL_MSG("\tGet CertPolicy total seq failed");
return ASN_PARSE_E; return ASN_PARSE_E;
@ -7800,7 +7754,8 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
break; break;
#elif defined(WOLFSSL_CERT_EXT) #elif defined(WOLFSSL_CERT_EXT)
/* decode cert policy */ /* decode cert policy */
if (DecodePolicyOID(cert->extCertPolicies[cert->extCertPoliciesNb], MAX_CERTPOL_SZ, if (DecodePolicyOID(cert->extCertPolicies[
cert->extCertPoliciesNb], MAX_CERTPOL_SZ,
input + idx, length) <= 0) { input + idx, length) <= 0) {
WOLFSSL_MSG("\tCouldn't decode CertPolicy"); WOLFSSL_MSG("\tCouldn't decode CertPolicy");
return ASN_PARSE_E; return ASN_PARSE_E;
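Review bot: The consolidated length check at the end of the GetName loop body, `if ((copyLen + strLen) > (int)(ASN_NAME_MAX - idx))`, still accepts a component that fills the buffer exactly, so the unconditional `full[idx++] = 0;` after the loop can write at index ASN_NAME_MAX. If `full` points at an array of exactly ASN_NAME_MAX bytes (its declaration is outside these hunks), that is a one-byte write past the end controlled by certificate contents. Reserving room for the terminator, `if ((copyLen + strLen) >= (int)(ASN_NAME_MAX - idx))`, closes it, and the same comparison appears in the jurisdiction and e-mail branches. Separately, the new `cert->extCertPoliciesNb = 0;` in DecodeCertPolicy lets a repeated policies extension silently replace the earlier one; consider failing the parse on a duplicate extension instead. Both functions start and end outside the visible hunks.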


@ -144,6 +144,9 @@ enum DN_Tags {
#define WOLFSSL_JOI_ST "/jurisdictionST=" #define WOLFSSL_JOI_ST "/jurisdictionST="
#define WOLFSSL_EMAIL_ADDR "/emailAddress=" #define WOLFSSL_EMAIL_ADDR "/emailAddress="
#define WOLFSSL_USER_ID "/UID="
#define WOLFSSL_DOMAIN_COMPONENT "/DC="
#if defined(WOLFSSL_APACHE_HTTPD) #if defined(WOLFSSL_APACHE_HTTPD)
/* otherName strings */ /* otherName strings */
#define WOLFSSL_SN_MS_UPN "msUPN" #define WOLFSSL_SN_MS_UPN "msUPN"