From befa1a0f60dd8da763c6b9db570c5cb186ffe2e8 Mon Sep 17 00:00:00 2001
From: Muhammad Rizwan
Date: Thu, 4 Dec 2025 17:53:00 -0500
Subject: [PATCH 1/3] Fix DirName formatting in subjectAltName #20312 Use X509_NAME_oneline and escape commas to avoid ambiguity when printing DirName entries in the subjectAltName extension.
---
 ext/openssl/openssl_backend_common.c | 53 ++++++++++++++++++++++++++-
 ext/openssl/tests/subjectAltName.phpt | 50 +++++++++++++++++++++++++
 2 files changed, 102 insertions(+), 1 deletion(-)
 create mode 100644 ext/openssl/tests/subjectAltName.phpt
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
index 611359cccaba6..d0c7202200cf5 100644
--- a/ext/openssl/openssl_backend_common.c
+++ b/ext/openssl/openssl_backend_common.c
@@ -666,7 +666,58 @@ int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
 as = name->d.uniformResourceIdentifier;
 BIO_write(bio, ASN1_STRING_get0_data(as),
 ASN1_STRING_length(as));
- break;
+ break;
+ case GEN_DIRNAME:
+ X509_NAME *dirn = name->d.dirn;
+ char *oneline;
+
+ BIO_puts(bio,"DirName:");
+
+ if (dirn != NULL && (oneline = X509_NAME_oneline(dirn, NULL, 0)) != NULL)
+ {
+ char *comma = strchr(oneline, ',');
+ if (comma != NULL)
+ {
+ BIO_puts(bio,oneline);
+ }
+ else
+ {
+ char *p = oneline;
+ char *seg_start = oneline;
+
+ while (*p != '\0') {
+ if (*p == ',') {
+ if (p > seg_start) {
+ size_t len = (size_t)(p - seg_start);
+ while (len > 0) {
+ int chunk = (len > INT_MAX) ? INT_MAX : (int)len;
+ BIO_write(bio, seg_start, chunk);
+ seg_start += chunk;
+ len -= (size_t)chunk;
+ }
+ }
+
+ BIO_write(bio, "\\,", 2);
+ seg_start = p + 1;
+ }
+ p++;
+ }
+
+ if (p > seg_start)
+ {
+ size_t len = (size_t)(p - seg_start);
+ while (len > 0) {
+ int chunk = (len > INT_MAX) ? INT_MAX : (int)len;
+ BIO_write(bio, seg_start, chunk);
+ seg_start += chunk;
+ len -= (size_t)chunk;
+ }
+ }
+ }
+ OPENSSL_free(oneline);
+ }
+ break;
+
 default:
 /* use builtin print for GEN_OTHERNAME, GEN_X400,
 * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
diff --git a/ext/openssl/tests/subjectAltName.phpt b/ext/openssl/tests/subjectAltName.phpt
new file mode 100644
index 0000000000000..10b009a3ca0af
--- /dev/null
+++ b/ext/openssl/tests/subjectAltName.phpt
@@ -0,0 +1,50 @@
+--TEST--
+DirName in subjectAltName uses name-style notation with escaped commas
+--EXTENSIONS--
+openssl
+--FILE--
+
+--EXPECT--
+HAS_DIRNAME_PREFIX
+COMMA_ESCAPED
\ No newline at end of file
From 3104626c9aa453cbeafb068248cc22752fe36bb8 Mon Sep 17 00:00:00 2001
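Review bot: The `if (comma != NULL)` test in the new GEN_DIRNAME case looks inverted: a name that contains a comma is written unchanged by `BIO_puts(bio,oneline)`, while the escaping loop in the `else` branch only runs on strings where `strchr` found no comma, so it can never emit `\,`. As written, a comma inside a DirName value still reads like an entry separator in the printed subjectAltName string, which is the ambiguity the commit message sets out to remove, and code that splits that string could take certificate-supplied text for a separate entry. Either change the test to `if (comma == NULL)` or drop the `strchr` branch and always run the loop; the same branch is carried unchanged through the [PATCH 2/3] and [PATCH 3/3] hunks. OpenSSL documents `X509_NAME_oneline` as a legacy function, so `X509_NAME_print_ex(bio, dirn, 0, XN_FLAG_RFC2253)`, which writes to the BIO and escapes special characters itself, may be worth considering in place of the hand-written loop. The body of openssl_x509v3_subjectAltName continues outside the hunk.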
From: Muhammad Rizwan
Date: Thu, 4 Dec 2025 18:19:23 -0500
Subject: [PATCH 2/3] Fix: label followed by a declaration is a C23 extension
---
 ext/openssl/openssl_backend_common.c | 82 ++++++++++++++--------------
 1 file changed, 42 insertions(+), 40 deletions(-)
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
index d0c7202200cf5..1ab8464a0a91d 100644
--- a/ext/openssl/openssl_backend_common.c
+++ b/ext/openssl/openssl_backend_common.c
@@ -668,53 +668,55 @@ int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) ASN1_STRING_length(as)); break; case GEN_DIRNAME: - X509_NAME *dirn = name->d.dirn; - char *oneline; + { + X509_NAME *dirn = name->d.dirn; + char *oneline; - BIO_puts(bio,"DirName:"); + BIO_puts(bio,"DirName:"); - if (dirn != NULL && (oneline = X509_NAME_oneline(dirn, NULL, 0)) != NULL) - { - char *comma = strchr(oneline, ','); - if (comma != NULL) + if (dirn != NULL && (oneline = X509_NAME_oneline(dirn, NULL, 0)) != NULL) { - BIO_puts(bio,oneline); - } - else - { - char *p = oneline; - char *seg_start = oneline; - - while (*p != '\0') { - if (*p == ',') { - if (p > seg_start) { - size_t len = (size_t)(p - seg_start); - while (len > 0) { - int chunk = (len > INT_MAX) ? INT_MAX : (int)len; - BIO_write(bio, seg_start, chunk); - seg_start += chunk; - len -= (size_t)chunk; - } - } - - BIO_write(bio, "\\,", 2); - seg_start = p + 1; - } - p++; + char *comma = strchr(oneline, ','); + if (comma != NULL) + { + BIO_puts(bio,oneline); } - - if (p > seg_start) + else { - size_t len = (size_t)(p - seg_start); - while (len > 0) { - int chunk = (len > INT_MAX) ? INT_MAX : (int)len; - BIO_write(bio, seg_start, chunk); - seg_start += chunk; - len -= (size_t)chunk; - } + char *p = oneline; + char *seg_start = oneline; + + while (*p != '\0') { + if (*p == ',') { + if (p > seg_start) { + size_t len = (size_t)(p - seg_start); + while (len > 0) { + int chunk = (len > INT_MAX) ? INT_MAX : (int)len; + BIO_write(bio, seg_start, chunk); + seg_start += chunk; + len -= (size_t)chunk; + } + } + + BIO_write(bio, "\\,", 2); + seg_start = p + 1; + } + p++; + } + + if (p > seg_start) + { + size_t len = (size_t)(p - seg_start); + while (len > 0) { + int chunk = (len > INT_MAX) ? INT_MAX : (int)len; + BIO_write(bio, seg_start, chunk); + seg_start += chunk; + len -= (size_t)chunk; + } + } } + OPENSSL_free(oneline); } - OPENSSL_free(oneline); } break; 
From 0f30a3998e0c4fa88d766bd4f1e411f28159c042 Mon Sep 17 00:00:00 2001
From: Muhammad Rizwan
Date: Thu, 4 Dec 2025 18:26:53 -0500
Subject: [PATCH 3/3] Fix: Build Issue
---
 ext/openssl/openssl_backend_common.c | 83 ++++++++++++++--------------
 1 file changed, 40 insertions(+), 43 deletions(-)
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
index 1ab8464a0a91d..539ecf8397fcc 100644
--- a/ext/openssl/openssl_backend_common.c
+++ b/ext/openssl/openssl_backend_common.c
@@ -668,58 +668,55 @@ int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) ASN1_STRING_length(as)); break; case GEN_DIRNAME: - { - X509_NAME *dirn = name->d.dirn; - char *oneline; + BIO_puts(bio,"DirName:"); - BIO_puts(bio,"DirName:"); + X509_NAME *dirn = name->d.dirn; + char *oneline; - if (dirn != NULL && (oneline = X509_NAME_oneline(dirn, NULL, 0)) != NULL) + if (dirn != NULL && (oneline = X509_NAME_oneline(dirn, NULL, 0)) != NULL) + { + char *comma = strchr(oneline, ','); + if (comma != NULL) { - char *comma = strchr(oneline, ','); - if (comma != NULL) - { - BIO_puts(bio,oneline); + BIO_puts(bio,oneline); + } + else + { + char *p = oneline; + char *seg_start = oneline; + + while (*p != '\0') { + if (*p == ',') { + if (p > seg_start) { + size_t len = (size_t)(p - seg_start); + while (len > 0) { + int chunk = (len > INT_MAX) ? INT_MAX : (int)len; + BIO_write(bio, seg_start, chunk); + seg_start += chunk; + len -= (size_t)chunk; + } + } + + BIO_write(bio, "\\,", 2); + seg_start = p + 1; + } + p++; } - else - { - char *p = oneline; - char *seg_start = oneline; - - while (*p != '\0') { - if (*p == ',') { - if (p > seg_start) { - size_t len = (size_t)(p - seg_start); - while (len > 0) { - int chunk = (len > INT_MAX) ? INT_MAX : (int)len; - BIO_write(bio, seg_start, chunk); - seg_start += chunk; - len -= (size_t)chunk; - } - } - - BIO_write(bio, "\\,", 2); - seg_start = p + 1; - } - p++; - } - if (p > seg_start) - { - size_t len = (size_t)(p - seg_start); - while (len > 0) { - int chunk = (len > INT_MAX) ? INT_MAX : (int)len; - BIO_write(bio, seg_start, chunk); - seg_start += chunk; - len -= (size_t)chunk; - } - } + if (p > seg_start) + { + size_t len = (size_t)(p - seg_start); + while (len > 0) { + int chunk = (len > INT_MAX) ? 
INT_MAX : (int)len; + BIO_write(bio, seg_start, chunk); + seg_start += chunk; + len -= (size_t)chunk; + } } - OPENSSL_free(oneline); } + OPENSSL_free(oneline); } break; - default: /* use builtin print for GEN_OTHERNAME, GEN_X400, * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
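Review bot: With the braces from [PATCH 2/3] removed, `X509_NAME *dirn` and `char *oneline` are declared after a statement directly under `case GEN_DIRNAME:`, so they are scoped to the whole switch body and the following `default:` label sits inside their scope. Keeping the block and only moving the call, i.e. `case GEN_DIRNAME: {` followed by `BIO_puts(bio,"DirName:");` and then the two declarations, would keep the label away from a declaration without leaking the variables into the other cases. The comment under `default:` still lists GEN_DIRNAME among the types left to the builtin printer and should drop it, for example `/* use builtin print for GEN_OTHERNAME, GEN_X400,` and `* GEN_EDIPARTY, GEN_IPADD and GEN_RID`. The return values of `BIO_write` in the chunk loops are ignored, so a failed write would go unnoticed; whether the surrounding function reports write errors is not visible in this hunk.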