[crypto] Add support for subjectAltName and wildcard certificates

Originally-implemented-by: Alex Chernyakhovsky <achernya@google.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/include/ipxe/asn1.h

@@ -222,6 +222,11 @@ struct asn1_builder_header {
 	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )
 
+/** ASN.1 OID for id-ce-subjectAltName (2.5.29.17) */
+#define ASN1_OID_SUBJECTALTNAME					\
+	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ),	\
+	ASN1_OID_SINGLE ( 17 )
+
 /** Define an ASN.1 cursor containing an OID */
 #define ASN1_OID_CURSOR( oid_value ) {				\
 		.data = oid_value,				\

src/include/ipxe/x509.h

@@ -136,6 +136,18 @@ struct x509_authority_info_access {
 	struct x509_ocsp_responder ocsp;
 };
 
+/** X.509 certificate subject alternative name */
+struct x509_subject_alt_name {
+	/** Names */
+	struct asn1_cursor names;
+};
+
+/** X.509 certificate general name types */
+enum x509_general_name_types {
+	X509_GENERAL_NAME_DNS = ASN1_IMPLICIT_TAG ( 2 ),
+	X509_GENERAL_NAME_URI = ASN1_IMPLICIT_TAG ( 6 ),
+};
+
 /** An X.509 certificate extensions set */
 struct x509_extensions {
 	/** Basic constraints */
@@ -146,6 +158,8 @@ struct x509_extensions {
 	struct x509_extended_key_usage ext_usage;
 	/** Authority information access */
 	struct x509_authority_info_access auth_info;
+	/** Subject alternative name */
+	struct x509_subject_alt_name alt_name;
 };
 
 /** A link in an X.509 certificate chain */