Merge pull request sfackler#1799 from stephaneyfx/fix-ipaddress-debug-format

Fix debug formatting of ipaddress for GeneralName

Author: sfackler

openssl/src/x509/mod.rs

@@ -11,11 +11,13 @@ use cfg_if::cfg_if;
 use foreign_types::{ForeignType, ForeignTypeRef, Opaque};
 use libc::{c_int, c_long, c_uint};
 use std::cmp::{self, Ordering};
+use std::convert::TryFrom;
 use std::error::Error;
 use std::ffi::{CStr, CString};
 use std::fmt;
 use std::marker::PhantomData;
 use std::mem;
+use std::net::IpAddr;
 use std::path::Path;
 use std::ptr;
 use std::slice;
@@ -1555,8 +1557,13 @@ impl fmt::Debug for GeneralNameRef {
         } else if let Some(uri) = self.uri() {
             formatter.write_str(uri)
         } else if let Some(ipaddress) = self.ipaddress() {
-            let result = String::from_utf8_lossy(ipaddress);
-            formatter.write_str(&result)
+            let address = <[u8; 16]>::try_from(ipaddress)
+                .map(IpAddr::from)
+                .or_else(|_| <[u8; 4]>::try_from(ipaddress).map(IpAddr::from));
+            match address {
+                Ok(a) => fmt::Debug::fmt(&a, formatter),
+                Err(_) => fmt::Debug::fmt(ipaddress, formatter),
+            }
         } else {
             formatter.write_str("(empty)")
         }

openssl/src/x509/tests.rs

@@ -868,3 +868,40 @@ fn test_load_crl_file_fail() {
     let res = lookup.load_crl_file("test/root-ca.pem", SslFiletype::PEM);
     assert!(res.is_err());
 }
+
+#[cfg(ossl110)]
+fn ipaddress_as_subject_alternative_name_is_formatted_in_debug<T>(expected_ip: T)
+where
+    T: Into<std::net::IpAddr>,
+{
+    let expected_ip = format!("{:?}", expected_ip.into());
+    let mut builder = X509Builder::new().unwrap();
+    let san = SubjectAlternativeName::new()
+        .ip(&expected_ip)
+        .build(&builder.x509v3_context(None, None))
+        .unwrap();
+    builder.append_extension(san).unwrap();
+    let cert = builder.build();
+    let actual_ip = cert
+        .subject_alt_names()
+        .into_iter()
+        .flatten()
+        .map(|n| format!("{:?}", *n))
+        .next()
+        .unwrap();
+    assert_eq!(actual_ip, expected_ip);
+}
+
+#[cfg(ossl110)]
+#[test]
+fn ipv4_as_subject_alternative_name_is_formatted_in_debug() {
+    ipaddress_as_subject_alternative_name_is_formatted_in_debug([8u8, 8, 8, 128]);
+}
+
+#[cfg(ossl110)]
+#[test]
+fn ipv6_as_subject_alternative_name_is_formatted_in_debug() {
+    ipaddress_as_subject_alternative_name_is_formatted_in_debug([
+        8u8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 128,
+    ]);
+}