@@ -114,7 +114,7 @@ sub Crypt::OpenSSL::X509::subjectaltname {
114114 my $ok = $asn -> prepare(q<
115115 AnotherName ::= SEQUENCE {
116116 type OBJECT IDENTIFIER,
117- value [0] EXPLICIT ANY } -- DEFINED BY type-id }
117+ value [0] EXPLICIT ANY DEFINED BY type }
118118
119119 EDIPartyName ::= SEQUENCE {
120120 nameAssigner [0] DirectoryString OPTIONAL,
@@ -158,6 +158,7 @@ sub Crypt::OpenSSL::X509::subjectaltname {
158158 GeneralNames ::= SEQUENCE OF GeneralName
159159
160160 GeneralName ::= CHOICE {
161+ otherName [0] AnotherName,
161162 rfc822Name [1] IA5String,
162163 dNSName [2] IA5String,
163164 x400Address [3] ANY, --ORAddress,
@@ -172,6 +173,11 @@ sub Crypt::OpenSSL::X509::subjectaltname {
172173 die ' *** Could not prepare definition: ' $asn -> error()
173174 if !$ok ;
174175
176+ # Microsoft's User Principal Name (Smart Card Logon)
177+ my $upn = Convert::ASN1-> new or die ( " New UPN"
178+ $upn -> prepare(q( microsoftUPN UTF8String) or die ( " Prepare UPN"
179+ $asn -> registeroid( ' 1.3.6.1.4.1.311.20.2.3' $upn );
180+
175181 # This is an important bit - if you don't do the find the decode
176182 # will randomly fail/succeed. This is required to work
177183 my $asn_node = $asn -> find(' SubjectAltName'
@@ -180,6 +186,30 @@ sub Crypt::OpenSSL::X509::subjectaltname {
180186 my $san = $asn_node -> decode($bin_data )
181187 or die ' Unable to decode SubjectAltName: ' $asn_node -> error;
182188
189+ foreach my $name ( @$san ) {
190+ foreach my $item (keys %$name ) {
191+ if ( $item eq ' iPAddress'
192+ my $ip = $name -> {$item };
193+ if ( length $ip == 4 ) {
194+ $name -> {iPAddress } = sprintf ( ' %d.%d.%d.%d' unpack ( ' C4' $ip ) );
195+ } elsif ( length $ip == 16 ) {
196+ $name -> {iPAddress } = sprintf ( ' %x:%x:%x:%x:%x:%x:%x:%x' unpack ( ' n8' $ip ) );
197+ } else {
198+ $name -> {iPAddress } = unpack ( ' H*' $ip );
199+ }
200+ } elsif ( $item eq ' otherName'
201+ my $otherName = $name -> {otherName };
202+ if ( $otherName -> {type } eq ' 1.3.6.1.4.1.311.20.2.3'
203+ my $value ;
204+ foreach my $val (keys %{$otherName -> {value }}) {
205+ $value .= $val . " ::" $otherName -> {value }{$val };
206+ }
207+ $name -> {otherName } = $value ;
208+ }
209+ }
210+ }
211+ }
212+
183213 return $san ;
184214}
185215
0 commit comments