Commit 22e1b0f9 authored by IKEDA Soji's avatar IKEDA Soji

S/MIME: Simplify the method to get email addresses in X.509 certificates (#1239).

Crypt::OpenSSL::X509 1.909 or later is required.
parent e1555fc1
...@@ -210,7 +210,9 @@ feature 'x509-auth', 'Required to extract user certificates for SSL clients and ...@@ -210,7 +210,9 @@ feature 'x509-auth', 'Required to extract user certificates for SSL clients and
feature 'smime', 'Required to sign, verify, encrypt and decrypt S/MIME messages.' => sub { feature 'smime', 'Required to sign, verify, encrypt and decrypt S/MIME messages.' => sub {
requires 'Crypt::SMIME', '>= 0.15'; requires 'Crypt::SMIME', '>= 0.15';
# Required to extract user certificates for SSL clients and S/MIME messages. # Required to extract user certificates for SSL clients and S/MIME messages.
requires 'Crypt::OpenSSL::X509', '>= 1.800.1'; # Note: value() for extension on versions < 1.808 was broken.
# Note: email() for certificate on versions < 1.909 was broken.
requires 'Crypt::OpenSSL::X509', '>= 1.909';
}; };
feature 'csv', 'CSV database driver, required if you include list members, owners or moderators from CSV file.' => sub { feature 'csv', 'CSV database driver, required if you include list members, owners or moderators from CSV file.' => sub {
...@@ -30,6 +30,7 @@ use English qw(-no_match_vars); ...@@ -30,6 +30,7 @@ use English qw(-no_match_vars);
use Conf; use Conf;
use Sympa::Log; use Sympa::Log;
use Sympa::Tools::Text;
my $log = Sympa::Log->instance; my $log = Sympa::Log->instance;
...@@ -153,6 +154,8 @@ sub parse_cert { ...@@ -153,6 +154,8 @@ sub parse_cert {
$log->syslog('debug3', '(%s => %s)', @_); $log->syslog('debug3', '(%s => %s)', @_);
my %arg = @_; my %arg = @_;
return undef unless $Crypt::OpenSSL::X509::VERSION;
## Load certificate ## Load certificate
my $x509; my $x509;
if ($arg{'text'}) { if ($arg{'text'}) {
...@@ -171,25 +174,13 @@ sub parse_cert { ...@@ -171,25 +174,13 @@ sub parse_cert {
my %res; my %res;
$res{subject} = join '', $res{subject} = join '',
map { '/' . $_->as_string } @{$x509->subject_name->entries}; map { '/' . $_->as_string } @{$x509->subject_name->entries};
my $extensions = $x509->extensions_by_name();
my %emails; my @emails =
foreach my $extension_name (keys %$extensions) { map { Sympa::Tools::Text::canonic_email($_) }
if ($extension_name eq 'subjectAltName') { grep { Sympa::Tools::Text::valid_email($_) }
my $extension_value = $extensions->{$extension_name}->value(); split / +/, ($x509->email // '');
my @addresses = split '\.{2,}', $extension_value; $res{email} = {map { ($_ => 1) } @emails};
shift @addresses;
foreach my $address (@addresses) {
$emails{$address} = 1;
}
}
}
if (%emails) {
foreach my $email (keys %emails) {
$res{email}{lc($email)} = 1;
}
} elsif ($x509->email) {
$res{email}{lc($x509->email)} = 1;
}
# Check key usage roughy. # Check key usage roughy.
my %purposes = $x509->extensions_by_name->{keyUsage}->hash_bit_string; my %purposes = $x509->extensions_by_name->{keyUsage}->hash_bit_string;
$res{purpose}->{sign} = $purposes{'Digital Signature'} ? 1 : ''; $res{purpose}->{sign} = $purposes{'Digital Signature'} ? 1 : '';
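Review bot: The rewritten email extraction in parse_cert silently changes which identities a certificate is accepted for: the removed code used subjectAltName addresses and fell back to the subject DN emailAddress only when no SAN was present, whereas the new code takes everything `$x509->email` yields, which in Crypt::OpenSSL::X509 appears to wrap OpenSSL's X509_get1_email and so merges subject-DN emailAddress and SAN rfc822Name entries into one space-separated list. A legacy emailAddress attribute that disagrees with the SAN therefore now becomes an additional accepted binding, which matters because S/MIME verification (RFC 8550) is supposed to match the sender against the SAN rfc822Name and treat the DN attribute as legacy. If the union is intended, say so above the split, e.g. `# email() merges subject emailAddress and SAN rfc822Name entries; no SAN-first preference as before.`, and if not, restore the SAN-first preference by reading `extensions_by_name->{subjectAltName}` (with a defined check) before falling back to email(). Note also that the same hunk leaves `$res{email}` as an empty hashref when nothing survives valid_email(), so callers that test `%{$res{email}}` must treat that as "no usable identity" rather than "any"; parse_cert starts before this hunk and continues past it.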