From 9cf2e7be8fbf64e214421f8757bd590b3b7cc4ad Mon Sep 17 00:00:00 2001
From: fengweihao
Date: Mon, 26 Aug 2019 17:03:04 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=AE=9E=E4=BD=93=E8=AF=81?= =?UTF-8?q?=E4=B9=A6=E6=9C=AA=E5=8C=B9=E9=85=8D=EF=BC=8C=E6=98=BE=E7=A4=BA?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/x509.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/x509.c b/src/x509.c
index c219083..5855caf 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -64,7 +64,7 @@ static void help()
 printf("Welcome to x509 %s\n", "1.1.1");
 printf("x509 <-incert |-inkey | -incrl | -inlist> arg\n"
 "Usage:\n"
- " -incert | input certificate file\n"
+ " -incert | input certificate file [url]\n"
 " -inkey | input private key file\n"
 " -incrl | input certificate revocation list\n"
 " -inlist | input certificate list file,format = pem\n"
@@ -511,7 +511,7 @@ int X509_check_valid_date(X509 *x509)
 return 0;
 }
-int x509_parse_cert(char *certfile)
+int x509_parse_cert(char *certfile, char *input_url)
 {
 int xret = -1;
 int informat = 0;
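Review bot: The usage text in help() advertises the new argument as `[url]` and the signature hunk names it `input_url`, but the @@ -530 hunk passes that string unchanged to X509_check_host(), which compares it against the certificate's host names. A value that carries a scheme, port or path (a constructed example: `https://host.example/`) can never match, so the tool would print "Matching failure" for a certificate that is valid for the host. I would name the argument for what it is, `" -incert | input certificate file [hostname]\n"` and `int x509_parse_cert(char *certfile, const char *hostname)`, and add a comment on the definition that it is optional and may be NULL. The body of x509_parse_cert continues outside the signature hunk.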
@@ -530,16 +530,19 @@ int x509_parse_cert(char *certfile)
 constraints = x509_get_ExtBasicConstraints(x509);
 printf("Ca Constraints : %s\n", (constraints != NULL)?constraints: "NULL");
 /*end-entity certificate san**/
- if (STRSTR(constraints, "End Entity"))
+ if ((constraints != NULL && STRSTR(constraints, "End Entity")) ||
+ constraints == NULL)
 {
 char *cn = x509_get_cn(x509);
- if (!cn || X509_check_host(x509, cn, strlen(cn), 0, NULL) != 1)
+ if (!cn || X509_check_host(x509, cn, strlen(cn), 0, NULL) != 1 ||
+ input_url == NULL || X509_check_host(x509, input_url, strlen(input_url), 0, NULL) != 1)
 {
- printf("Match host name: %s\n", "ERR_CERT_COMMON_NAME_INVALID");
+ printf("Match host name: %s\n", "Matching failure");
 }
 kfree(cn);
 }
- kfree(constraints);
+ printf("Match host name: %s\n", "Successful matching");
+ if (constraints) kfree(constraints);
 if (informat == LOCAL_USER_P12 || informat == LOCAL_USER_PEN){
 if (stack_ca){
 printf("Chain Length : %d\n", sk_X509_num(stack_ca) + 1);
@@ -726,6 +729,7 @@ decoder_argv_parser(int argc, char **argv, char **infile, char **infile2)
 if (--argc < 1)
 goto help;
 *infile = argv[i+1];
+ *infile2 = argv[i+2];
 iformat = INPUT_FILE_CERT;
 break;
 }
@@ -739,7 +743,7 @@ decoder_argv_parser(int argc, char **argv, char **infile, char **infile2)
 if (STRCMP(argv[i], "-inlist")== 0){
 if (--argc < 1)
 goto help;
- *infile = argv[i+1];
+ *infile = argv[i+1];
 iformat = INPUT_FILE_LIST;
 break;
 }
@@ -802,7 +806,7 @@ int x509_check_format(int argc, char **argv)
 x509_parse_key(infile);
 break;
 case INPUT_FILE_CERT:
- x509_parse_cert(infile);
+ x509_parse_cert(infile, infile2);
 break;
 case INPUT_FILE_CRL:
 x509_parse_crl(infile);
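Review bot: In the @@ -530 hunk of x509_parse_cert, `printf("Match host name: %s\n", "Successful matching");` sits after the closing brace of the end-entity branch, so it runs on every path. A certificate that has just printed "Matching failure" is then also reported as a successful match, and so is a CA certificate whose host name was never checked; anyone reading or scripting against the output gets a pass verdict for a mismatch. I would compute one result inside the branch and print exactly one line, as in the excerpt below, which keeps the failure condition the hunk already has and prints nothing for non-end-entity certificates. Note also that a missing second argument (`input_url == NULL`) forces the failure verdict even when the CN check passed, which may or may not be intended. The function starts and ends outside the hunk.

```c
/* … unchanged: constraints lookup and "Ca Constraints" line … */
if (constraints == NULL || STRSTR(constraints, "End Entity"))
{
    char *cn = x509_get_cn(x509);
    int matched = cn != NULL && input_url != NULL &&
        X509_check_host(x509, cn, strlen(cn), 0, NULL) == 1 &&
        X509_check_host(x509, input_url, strlen(input_url), 0, NULL) == 1;

    /* exactly one verdict per end-entity certificate */
    printf("Match host name: %s\n", matched ? "Successful matching" : "Matching failure");
    kfree(cn);
}
/* … unchanged: release of constraints, chain length output … */
```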
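Review bot: In the @@ -726 hunk of decoder_argv_parser, `*infile2 = argv[i+2];` reads one slot further than the only visible guard, `if (--argc < 1) goto help;`, accounts for. When `-incert FILE` ends the command line the read presumably lands on argv's terminating NULL, which the `input_url == NULL` test in x509_parse_cert tolerates, but that relies on the terminator rather than on a bounds check, and because of the `break;` a following option such as `-inkey` would apparently be taken as the host name. Making the optional argument explicit, for example `*infile2 = (argv[i+1] != NULL) ? argv[i+2] : NULL;` with a comment that the second value is optional, keeps the access in bounds without depending on how argc is counted. The loop around this code is outside the hunk, so the index arithmetic could not be checked against it.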