Skip to content

Fix DirName formatting in subjectAltName #20312 #20646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rizwan3d wants to merge 3 commits into
base: master
Choose a base branch
from
+101 −1
Open

Fix DirName formatting in subjectAltName #20312 #20646

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
befa1a0
Fix DirName formatting in subjectAltName #20312
rizwan3d Dec 4, 2025
3104626
Fix: label followed by a declaration is a C23 extension
rizwan3d Dec 4, 2025
0f30a39
Fix: Build Issue
rizwan3d Dec 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 51 additions & 1 deletion ext/openssl/openssl_backend_common.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -666,7 +666,57 @@ int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
as = name->d.uniformResourceIdentifier;
BIO_write(bio, ASN1_STRING_get0_data(as),
ASN1_STRING_length(as));
break;
break;
case GEN_DIRNAME:
BIO_puts(bio,"DirName:");

X509_NAME *dirn = name->d.dirn;
char *oneline;

if (dirn != NULL && (oneline = X509_NAME_oneline(dirn, NULL, 0)) != NULL)
{
char *comma = strchr(oneline, ',');
if (comma != NULL)
{
BIO_puts(bio,oneline);
}
else
{
char *p = oneline;
char *seg_start = oneline;

while (*p != '\0') {
if (*p == ',') {
if (p > seg_start) {
size_t len = (size_t)(p - seg_start);
while (len > 0) {
int chunk = (len > INT_MAX) ? INT_MAX : (int)len;
BIO_write(bio, seg_start, chunk);
seg_start += chunk;
len -= (size_t)chunk;
}
}

BIO_write(bio, "\\,", 2);
seg_start = p + 1;
}
p++;
}

if (p > seg_start)
{
size_t len = (size_t)(p - seg_start);
while (len > 0) {
int chunk = (len > INT_MAX) ? INT_MAX : (int)len;
BIO_write(bio, seg_start, chunk);
seg_start += chunk;
len -= (size_t)chunk;
}
}
}
OPENSSL_free(oneline);
}
break;
default:
/* use builtin print for GEN_OTHERNAME, GEN_X400,
* GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
Expand Down
50 changes: 50 additions & 0 deletions ext/openssl/tests/subjectAltName.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
--TEST--
DirName in subjectAltName uses name-style notation with escaped commas
--EXTENSIONS--
openssl
--FILE--
<?php
$cert = <<<'PEM'
-----BEGIN CERTIFICATE-----
MIIEbzCCA1egAwIBAgIUdeUsBnjgTxURiuUArMHKO9iz0RwwDQYJKoZIhvcNAQEL
BQAwZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk15IENvbXBhbnkxFDASBgNVBAMMC2V4
YW1wbGUuY29tMB4XDTI1MTAyNzE4NTkyN1oXDTI2MTAyNzE4NTkyN1owZTELMAkG
A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFu
Y2lzY28xEzARBgNVBAoMCk15IENvbXBhbnkxFDASBgNVBAMMC2V4YW1wbGUuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/ojIyYq0/eUPO/iTeKa
/lgeJUkfp9OR+RW9w+3SlVSh+PoxBaXtiJGUHNJ1L+QCAESOgt5PCe3XhZ7sPBZF
hy+6SZYl46x5FwpDoqwo15mjJrgJ+RRrlUsaFGfGFAbucLcHUB7tMqa/drPzRLLb
/1JW94R+Gb9uk/v8x6AYpeL1fjreagYNDGUgRw/5kQ0a84wmJqXBWVSH0yLeDnuu
BvVStxI/omxAnRmttjLCs/WswwJHJC3iMy4ocP8Xe7xhz9m9nOiOYFLGaCZNPjMC
xeylAgVfdtBe099Y6F3maIxZaVCGHKalwHB6dNwD//m0j6q8ylt5eEeSSSEf51mc
SQIDAQABo4IBFTCCAREwge8GA1UdEQSB5zCB5IILZXhhbXBsZS5jb22CD3d3dy5l
eGFtcGxlLmNvbYIVc3ViZG9tYWluLmV4YW1wbGUuY29thwTAqAEBhxAmB/DQEAIA
UQAAAAAAAAAEgRFhZG1pbkBleGFtcGxlLmNvbaQ+MDwxETAPBgNVBAMMCEpvaG4g
RG9lMRowGAYDVQQKDBFFeGFtcGxlIE9yZywgSW5jLjELMAkGA1UEBhMCVVOgIAYJ
KoZIhvcNAQkUoBMMEVVJRF9mcmllbmRseV9uYW1liAMqAwSGG2h0dHA6Ly9leGFt
cGxlLmNvbS9yZXNvdXJjZTAdBgNVHQ4EFgQUBoi/iNuA3Rj8YVxYu8cRWpfm89sw
DQYJKoZIhvcNAQELBQADggEBAJ14oAlPBzG5TcIlVhCHhAlwdrTTledEzAE+3W9u
gSIPZlwnxeDINn8ESJdH1vXzInkjMUWp5HLRHvnubkm+3+TxM62HSZ1wA8bnY0Yy
hb9nwNj4MsNwWzzljT3W9rMiigZOmcTqEz+Ak+QdmxJHxqiuO5ZolC02D5t2H11A
nL2qDlo/Td90KJi4Hn7W43pUGg/EqIcZf+OSsNIRGd+o/BqF7xHtX2peOCPDStWM
Zvd3D90zu0hKS2mXwaNk6wXGgTTd3sO9+1QehwbvHU+ge1aFumNyrnGCD7NbLx+G
Ch43ehA+qBjiykgmbH4fTobYyFMjNsLvWY9Jc5ruKJmPm5M=
-----END CERTIFICATE-----
PEM;
$parsed = openssl_x509_parse($cert);

if ($parsed === false || !isset($parsed['extensions']['subjectAltName'])) {
echo "MISSING_SUBJECT_ALT_NAME\n";
return;
}

$san = $parsed['extensions']['subjectAltName'];
echo (strpos($san, 'DirName:/') !== false ? "HAS_DIRNAME_PREFIX\n" : "NO_DIRNAME_PREFIX\n");

echo (strpos($san, '/O=Example Org, Inc.') !== false ? "COMMA_ESCAPED\n" : "COMMA_NOT_ESCAPED\n");

?>
--EXPECT--
HAS_DIRNAME_PREFIX
COMMA_ESCAPED