- expand_string_message =
- string_sprintf("%s: gs1 fail: %d %s\n", __FUNCTION__,
- ret, gnutls_strerror(ret));
- return NULL;
+ siz = 0;
+ switch(ret = gnutls_x509_crt_get_subject_alt_name(
+ (gnutls_x509_crt_t)cert, index, NULL, &siz, NULL))
+ {
+ case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
+ return string_from_gstring(list); /* no more elements; normal exit */
+
+ case GNUTLS_E_SHORT_MEMORY_BUFFER:
+ break;
+
+ default:
+ return g_err("gs0", __FUNCTION__, ret);
+ }
+
+ ele = store_get(siz+1, GET_TAINTED);
+ if ((ret = gnutls_x509_crt_get_subject_alt_name(
+ (gnutls_x509_crt_t)cert, index, ele, &siz, NULL)) < 0)
+ return g_err("gs1", __FUNCTION__, ret);
+ ele[siz] = '\0';
+
+ if ( match != -1 && match != ret /* wrong type of SAN */
+ || Ustrlen(ele) != siz) /* contains a NUL */
+ continue;
+ switch (ret)
+ {
+ case GNUTLS_SAN_DNSNAME: tag = US"DNS"; break;
+ case GNUTLS_SAN_URI: tag = US"URI"; break;
+ case GNUTLS_SAN_RFC822NAME: tag = US"MAIL"; break;
+ default: continue; /* ignore unrecognised types */
+ }
+ list = string_append_listele(list, sep,
+ match == -1 ? string_sprintf("%s=%s", tag, ele) : ele);