summaryrefslogtreecommitdiff
path: root/src/openvpn/pkcs11_mbedtls.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpn/pkcs11_mbedtls.c')
-rw-r--r--src/openvpn/pkcs11_mbedtls.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/openvpn/pkcs11_mbedtls.c b/src/openvpn/pkcs11_mbedtls.c
index 45372e4..bdca893 100644
--- a/src/openvpn/pkcs11_mbedtls.c
+++ b/src/openvpn/pkcs11_mbedtls.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -38,7 +39,6 @@
#include "errlevel.h"
#include "pkcs11_backend.h"
-#include "ssl_verify_backend.h"
#include <mbedtls/pkcs11.h>
#include <mbedtls/x509.h>
@@ -82,6 +82,8 @@ char *
pkcs11_certificate_dn(pkcs11h_certificate_t cert, struct gc_arena *gc)
{
char *ret = NULL;
+ char dn[1024] = {0};
+
mbedtls_x509_crt mbed_crt = {0};
if (mbedtls_pkcs11_x509_cert_bind(&mbed_crt, cert))
@@ -90,12 +92,14 @@ pkcs11_certificate_dn(pkcs11h_certificate_t cert, struct gc_arena *gc)
goto cleanup;
}
- if (!(ret = x509_get_subject(&mbed_crt, gc)))
+ if (-1 == mbedtls_x509_dn_gets(dn, sizeof(dn), &mbed_crt.subject))
{
msg(M_FATAL, "PKCS#11: mbed TLS cannot parse subject");
goto cleanup;
}
+ ret = string_alloc(dn, gc);
+
cleanup:
mbedtls_x509_crt_free(&mbed_crt);