commit e3768aabf74aab1daa845da724c371ed4ba33643
author QUICHE team <quiche-dev@google.com> Tue Oct 12 12:13:40 2021 -0700
committer Copybara-Service <copybara-worker@google.com> Tue Oct 12 12:14:38 2021 -0700
tree 3099025ac404e5fb44430cc57e7db64a244d7bfb
parent f282c934f4731a9f4be93409c9f3e8687f0566a7

Internal change

PiperOrigin-RevId: 402623632

quic/test_tools/quic_test_client.cc

diff --git a/quic/test_tools/quic_test_client.cc b/quic/test_tools/quic_test_client.cc
index 598e14c..6b1f831 100644
--- a/quic/test_tools/quic_test_client.cc
+++ b/quic/test_tools/quic_test_client.cc
@@ -102,6 +102,7 @@
       return QUIC_FAILURE;
     }
 
+    // Parse the cert into an X509 structure.
     const uint8_t* data;
     data = reinterpret_cast<const uint8_t*>(certs[0].data());
     bssl::UniquePtr<X509> cert(d2i_X509(nullptr, &data, certs[0].size()));
@@ -109,15 +110,28 @@
       return QUIC_FAILURE;
     }
 
-    static const unsigned kMaxCommonNameLength = 256;
-    char buf[kMaxCommonNameLength];
-    X509_NAME* subject_name = X509_get_subject_name(cert.get());
-    if (X509_NAME_get_text_by_NID(subject_name, NID_commonName, buf,
-                                  sizeof(buf)) <= 0) {
+    // Extract the CN field
+    X509_NAME* subject = X509_get_subject_name(cert.get());
+    const int index = X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
+    if (index < 0) {
+      return QUIC_FAILURE;
+    }
+    ASN1_STRING* name_data =
+        X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject, index));
+    if (name_data == nullptr) {
       return QUIC_FAILURE;
     }
 
-    common_name_ = buf;
+    // Convert the CN to UTF8, in case the cert represents it in a different
+    // format.
+    unsigned char* buf = nullptr;
+    const int len = ASN1_STRING_to_UTF8(&buf, name_data);
+    if (len <= 0) {
+      return QUIC_FAILURE;
+    }
+    bssl::UniquePtr<unsigned char> deleter(buf);
+
+    common_name_.assign(reinterpret_cast<const char*>(buf), len);
     cert_sct_ = cert_sct;
     return QUIC_SUCCESS;
   }