wolfSSL · dgarske · Oct 2, 2025 · Oct 2, 2025 · Copilot · Oct 2, 2025
diff --git a/src/x509.c b/src/x509.c
@@ -6099,7 +6099,6 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
     #define MAX_WIDTH 80
 #endif
 
-#if defined(WOLFSSL_ACERT)
 #define ACERT_NUM_DIR_TAGS 4
 
 /* Convenience struct and function for printing the Holder sub fields
@@ -6209,9 +6208,8 @@ static int X509PrintDirType(char * dst, int max_len, const DNS_entry * entry)
 
     return total_len;
 }
-
-static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio,
-                                       const DNS_entry* entry, int indent)
+static int X509_print_name_entry(WOLFSSL_BIO* bio,
+                                 const DNS_entry* entry, int indent)
 {
     int  ret = WOLFSSL_SUCCESS;
     int  nameCount = 0;
@@ -6242,68 +6240,43 @@ static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio,
 
         if (entry->type == ASN_DNS_TYPE) {
             len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name);
-            if (len >= MAX_WIDTH) {
-                ret = WOLFSSL_FAILURE;
-                break;
-            }
         }
     #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
         else if (entry->type == ASN_IP_TYPE) {
             len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s",
                     entry->ipString);
-            if (len >= MAX_WIDTH) {
-                ret = WOLFSSL_FAILURE;
-                break;
-            }
         }
     #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
         else if (entry->type == ASN_RFC822_TYPE) {
             len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s",
                     entry->name);
-            if (len >= MAX_WIDTH) {
-                ret = WOLFSSL_FAILURE;
-                break;
-            }
         }
         else if (entry->type == ASN_DIR_TYPE) {
             len = X509PrintDirType(scratch, MAX_WIDTH, entry);
-            if (len >= MAX_WIDTH) {
-                ret = WOLFSSL_FAILURE;
-                break;
-            }
         }
         else if (entry->type == ASN_URI_TYPE) {
             len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s",
                 entry->name);
-             if (len >= MAX_WIDTH) {
-                ret = WOLFSSL_FAILURE;
-                break;
-            }
         }
     #if defined(OPENSSL_ALL)
         else if (entry->type == ASN_RID_TYPE) {
             len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
                 entry->ridString);
-            if (len >= MAX_WIDTH) {
-                ret = WOLFSSL_FAILURE;
-                break;
-            }
         }
     #endif
         else if (entry->type == ASN_OTHER_TYPE) {
             len = XSNPRINTF(scratch, MAX_WIDTH,
                 "othername <unsupported>");
-            if (len >= MAX_WIDTH) {
-                ret = WOLFSSL_FAILURE;
-                break;
-            }
         }
         else {
             WOLFSSL_MSG("Bad alt name type.");
             ret = WOLFSSL_FAILURE;
             break;
         }
-
+        if (len >= MAX_WIDTH) {
+            ret = WOLFSSL_FAILURE;
+            break;
+        }
         if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch))
                 <= 0) {
             ret = WOLFSSL_FAILURE;
@@ -6320,128 +6293,6 @@ static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio,
     return ret;
 }
 
-#endif /* if WOLFSSL_ACERT*/
-
-static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
-        int indent)
-{
-    int ret = WOLFSSL_SUCCESS;
-    DNS_entry* entry;
-
-    if (bio == NULL || x509 == NULL) {
-        ret = WOLFSSL_FAILURE;
-    }
-
-    if (ret == WOLFSSL_SUCCESS && x509->subjAltNameSet &&
-            x509->altNames != NULL) {
-        char scratch[MAX_WIDTH];
-        int len;
-
-        len = XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent, "");
-        if (len >= MAX_WIDTH)
-            ret = WOLFSSL_FAILURE;
-        if (ret == WOLFSSL_SUCCESS) {
-            if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) <= 0) {
-                ret = WOLFSSL_FAILURE;
-            }
-        }
-        if (ret == WOLFSSL_SUCCESS) {
-            int nameCount = 0;
-
-            entry = x509->altNames;
-            while (entry != NULL) {
-                ++nameCount;
-                if (nameCount > 1) {
-                    if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
-                }
-
-                if (entry->type == ASN_DNS_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name);
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
-                }
-            #ifdef WOLFSSL_IP_ALT_NAME
-                else if (entry->type == ASN_IP_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s",
-                            entry->ipString);
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
-                }
-            #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
-                else if (entry->type == ASN_RFC822_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s",
-                            entry->name);
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
-                }
-                else if (entry->type == ASN_DIR_TYPE) {
-                    /* @TODO entry->name in ASN1 syntax */
-                    len = XSNPRINTF(scratch, MAX_WIDTH,
-                        "DirName:<print out not supported yet>");
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
-                }
-                else if (entry->type == ASN_URI_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s",
-                        entry->name);
-                     if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
-                }
-            #if defined(OPENSSL_ALL)
-                else if (entry->type == ASN_RID_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
-                        entry->ridString);
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
-                }
-            #endif
-                else if (entry->type == ASN_OTHER_TYPE) {
-                    len = XSNPRINTF(scratch, MAX_WIDTH,
-                        "othername <unsupported>");
-                    if (len >= MAX_WIDTH) {
-                        ret = WOLFSSL_FAILURE;
-                        break;
-                    }
-                }
-                else {
-                    WOLFSSL_MSG("Bad alt name type.");
-                    ret = WOLFSSL_FAILURE;
-                    break;
-                }
-
-                if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch))
-                        <= 0) {
-                    ret = WOLFSSL_FAILURE;
-                    break;
-                }
-
-                entry = entry->next;
-            }
-        }
-
-        if (ret == WOLFSSL_SUCCESS && wolfSSL_BIO_write(bio, "\n", 1) <= 0) {
-            ret = WOLFSSL_FAILURE;
-        }
-    }
-
-    return ret;
-}
-
 #ifdef XSNPRINTF
 static int X509PrintKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
 {
@@ -6711,6 +6562,14 @@ static int X509PrintValidity(WOLFSSL_BIO* bio, WOLFSSL_ASN1_TIME * notBefore,
 }
 #endif /* ifndef NO_ASN_TIME */
 
+static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
+                                int indent)
+{
+    if (!x509 || !x509->altNames || !x509->subjAltNameSet)
+        return WOLFSSL_FAILURE;
-    if (!x509 || !x509->altNames || !x509->subjAltNameSet)
-        return WOLFSSL_FAILURE;
+    if (bio == NULL)
+        return WOLFSSL_FAILURE;
+    if (!x509 || !x509->altNames || !x509->subjAltNameSet)
+        return WOLFSSL_SUCCESS; /* No SAN present, treat as no-op */
-    if (!x509 || !x509->altNames || !x509->subjAltNameSet)
-        return WOLFSSL_FAILURE;
+    if (bio == NULL)
+        return WOLFSSL_FAILURE;
+    if (!x509 || !x509->altNames || !x509->subjAltNameSet)
+        return WOLFSSL_SUCCESS; /* No SAN present, treat as no-op */
+    return X509_print_name_entry(bio, x509->altNames, indent);
+}
+
 /* iterate through certificate extensions printing them out in human readable
  * form
  * return WOLFSSL_SUCCESS on success
@@ -7586,7 +7445,7 @@ int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509)
             return WOLFSSL_FAILURE;
         }
 
-        if (X509_ACERT_print_name_entry(bio, x509->holderEntityName, 1)
+        if (X509_print_name_entry(bio, x509->holderEntityName, 1)
                 != WOLFSSL_SUCCESS) {
             return WOLFSSL_FAILURE;
         }
@@ -7599,7 +7458,7 @@ int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509)
             return WOLFSSL_FAILURE;
         }
 
-        if (X509_ACERT_print_name_entry(bio, x509->holderIssuerName, 1)
+        if (X509_print_name_entry(bio, x509->holderIssuerName, 1)
             != WOLFSSL_SUCCESS) {
             return WOLFSSL_FAILURE;
         }
@@ -7617,7 +7476,7 @@ int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509)
     }
 
     if (x509->AttCertIssuerName != NULL) {
-        if (X509_ACERT_print_name_entry(bio, x509->AttCertIssuerName, 1)
+        if (X509_print_name_entry(bio, x509->AttCertIssuerName, 1)
                 != WOLFSSL_SUCCESS) {
             return WOLFSSL_FAILURE;
         }