Add support for setting IDP too.
parent
0c010a1517
commit
0537f9689c
2
CHANGES
2
CHANGES
@ -9,7 +9,7 @@
|
|||||||
all fields.
|
all fields.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
|
||||||
*) Add print only support for Issuing Distribution Point CRL extension.
|
*) Add print and set support for Issuing Distribution Point CRL extension.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
|
||||||
Changes between 0.9.8 and 0.9.8a [XX xxx XXXX]
|
Changes between 0.9.8 and 0.9.8a [XX xxx XXXX]
|
||||||
|
@ -101,7 +101,7 @@ static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
|
|||||||
return gens;
|
return gens;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
|
static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
|
||||||
CONF_VALUE *cnf)
|
CONF_VALUE *cnf)
|
||||||
{
|
{
|
||||||
STACK_OF(GENERAL_NAME) *fnm = NULL;
|
STACK_OF(GENERAL_NAME) *fnm = NULL;
|
||||||
@ -123,7 +123,7 @@ static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
|
|||||||
dnsect = X509V3_get_section(ctx, cnf->value);
|
dnsect = X509V3_get_section(ctx, cnf->value);
|
||||||
if (!dnsect)
|
if (!dnsect)
|
||||||
{
|
{
|
||||||
X509V3err(X509V3_F_GET_DIST_POINT_NAME,
|
X509V3err(X509V3_F_SET_DIST_POINT_NAME,
|
||||||
X509V3_R_SECTION_NOT_FOUND);
|
X509V3_R_SECTION_NOT_FOUND);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -140,7 +140,7 @@ static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
|
|||||||
if (sk_X509_NAME_ENTRY_value(rnm,
|
if (sk_X509_NAME_ENTRY_value(rnm,
|
||||||
sk_X509_NAME_ENTRY_num(rnm) - 1)->set)
|
sk_X509_NAME_ENTRY_num(rnm) - 1)->set)
|
||||||
{
|
{
|
||||||
X509V3err(X509V3_F_GET_DIST_POINT_NAME,
|
X509V3err(X509V3_F_SET_DIST_POINT_NAME,
|
||||||
X509V3_R_INVAID_MULTIPLE_RDNS);
|
X509V3_R_INVAID_MULTIPLE_RDNS);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -150,7 +150,7 @@ static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
|
|||||||
|
|
||||||
if (*pdp)
|
if (*pdp)
|
||||||
{
|
{
|
||||||
X509V3err(X509V3_F_GET_DIST_POINT_NAME,
|
X509V3err(X509V3_F_SET_DIST_POINT_NAME,
|
||||||
X509V3_R_DISTPOINT_ALREADY_SET);
|
X509V3_R_DISTPOINT_ALREADY_SET);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -179,7 +179,6 @@ static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static const BIT_STRING_BITNAME reason_flags[] = {
|
static const BIT_STRING_BITNAME reason_flags[] = {
|
||||||
{1, "Key Compromise", "keyCompromise"},
|
{1, "Key Compromise", "keyCompromise"},
|
||||||
{2, "CA Compromise", "CACompromise"},
|
{2, "CA Compromise", "CACompromise"},
|
||||||
@ -269,7 +268,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
cnf = sk_CONF_VALUE_value(nval, i);
|
cnf = sk_CONF_VALUE_value(nval, i);
|
||||||
ret = get_dist_point_name(&point->distpoint, ctx, cnf);
|
ret = set_dist_point_name(&point->distpoint, ctx, cnf);
|
||||||
if (ret > 0)
|
if (ret > 0)
|
||||||
continue;
|
continue;
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
@ -393,8 +392,12 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
|
|||||||
ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
|
ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
|
||||||
} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
|
} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
|
||||||
|
|
||||||
|
IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
|
||||||
|
|
||||||
static int i2r_idp(X509V3_EXT_METHOD *method,
|
static int i2r_idp(X509V3_EXT_METHOD *method,
|
||||||
void *pidp, BIO *out, int indent);
|
void *pidp, BIO *out, int indent);
|
||||||
|
static void *v2i_idp(X509V3_EXT_METHOD *method,
|
||||||
|
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
|
||||||
|
|
||||||
X509V3_EXT_METHOD v3_idp =
|
X509V3_EXT_METHOD v3_idp =
|
||||||
{
|
{
|
||||||
@ -402,11 +405,73 @@ X509V3_EXT_METHOD v3_idp =
|
|||||||
ASN1_ITEM_ref(ISSUING_DIST_POINT),
|
ASN1_ITEM_ref(ISSUING_DIST_POINT),
|
||||||
0,0,0,0,
|
0,0,0,0,
|
||||||
0,0,
|
0,0,
|
||||||
0,0,
|
0,
|
||||||
|
v2i_idp,
|
||||||
i2r_idp,0,
|
i2r_idp,0,
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static void *v2i_idp(X509V3_EXT_METHOD *method,
|
||||||
|
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
|
||||||
|
{
|
||||||
|
ISSUING_DIST_POINT *idp = NULL;
|
||||||
|
CONF_VALUE *cnf;
|
||||||
|
char *name, *val;
|
||||||
|
int i, ret;
|
||||||
|
idp = ISSUING_DIST_POINT_new();
|
||||||
|
if (!idp)
|
||||||
|
goto merr;
|
||||||
|
for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
|
||||||
|
{
|
||||||
|
cnf = sk_CONF_VALUE_value(nval, i);
|
||||||
|
name = cnf->name;
|
||||||
|
val = cnf->value;
|
||||||
|
ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
|
||||||
|
if (ret > 0)
|
||||||
|
continue;
|
||||||
|
if (ret < 0)
|
||||||
|
goto err;
|
||||||
|
if (!strcmp(name, "onlyuser"))
|
||||||
|
{
|
||||||
|
if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
else if (!strcmp(name, "onlyCA"))
|
||||||
|
{
|
||||||
|
if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
else if (!strcmp(name, "onlyAA"))
|
||||||
|
{
|
||||||
|
if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
else if (!strcmp(name, "indirectCRL"))
|
||||||
|
{
|
||||||
|
if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
else if (!strcmp(name, "onlysomereasons"))
|
||||||
|
{
|
||||||
|
if (!set_reasons(&idp->onlysomereasons, val))
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
|
||||||
|
X509V3_conf_err(cnf);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return idp;
|
||||||
|
|
||||||
|
merr:
|
||||||
|
X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE);
|
||||||
|
err:
|
||||||
|
ISSUING_DIST_POINT_free(idp);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
|
static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
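Review bot: In the new `v2i_idp`, the `onlysomereasons` branch passes `val` (copied straight from `cnf->value`) to `set_reasons` without a NULL check, and on failure it jumps to `err` without naming the rejected config entry, unlike the unknown-name branch, which calls `X509V3_conf_err(cnf)`. `set_reasons` is defined outside the lines shown, so whether it tolerates a NULL value or raises its own error cannot be confirmed from here. If it does neither, a config line that has the key but no value could dereference NULL, and a malformed reason list would return NULL with nothing useful in the error queue. Consider guarding with `if (!val || !set_reasons(&idp->onlysomereasons, val))` and, inside that branch, raising an `X509V3err(X509V3_F_V2I_IDP, ...)` with a fitting reason code plus `X509V3_conf_err(cnf);` before `goto err;`. A short comment above `v2i_idp` listing the accepted keys (`onlyuser`, `onlyCA`, `onlyAA`, `indirectCRL`, `onlysomereasons`, plus whatever `set_dist_point_name` consumes) would also help reviewers of CRL configs.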
|
@ -77,7 +77,6 @@ static ERR_STRING_DATA X509V3_str_functs[]=
|
|||||||
{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
|
{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
|
||||||
{ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"},
|
{ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"},
|
||||||
{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"},
|
{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"},
|
||||||
{ERR_FUNC(X509V3_F_GET_DIST_POINT_NAME), "GET_DIST_POINT_NAME"},
|
|
||||||
{ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"},
|
{ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"},
|
||||||
{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
|
{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
|
||||||
{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
|
{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
|
||||||
@ -95,6 +94,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
|
|||||||
{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
|
{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
|
||||||
{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
|
{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
|
||||||
{ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"},
|
{ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"},
|
||||||
|
{ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"},
|
||||||
{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
|
{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
|
||||||
{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
|
{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
|
||||||
{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
|
{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
|
||||||
@ -109,6 +109,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
|
|||||||
{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"},
|
{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"},
|
||||||
{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
|
{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
|
||||||
{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
|
{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
|
||||||
|
{ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"},
|
||||||
{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"},
|
{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"},
|
||||||
{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"},
|
{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"},
|
||||||
{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"},
|
{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"},
|
||||||
|
@ -650,7 +650,6 @@ void ERR_load_X509V3_strings(void);
|
|||||||
#define X509V3_F_DO_EXT_I2D 135
|
#define X509V3_F_DO_EXT_I2D 135
|
||||||
#define X509V3_F_DO_EXT_NCONF 151
|
#define X509V3_F_DO_EXT_NCONF 151
|
||||||
#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
|
#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
|
||||||
#define X509V3_F_GET_DIST_POINT_NAME 155
|
|
||||||
#define X509V3_F_GNAMES_FROM_SECTNAME 156
|
#define X509V3_F_GNAMES_FROM_SECTNAME 156
|
||||||
#define X509V3_F_HEX_TO_STRING 111
|
#define X509V3_F_HEX_TO_STRING 111
|
||||||
#define X509V3_F_I2S_ASN1_ENUMERATED 121
|
#define X509V3_F_I2S_ASN1_ENUMERATED 121
|
||||||
@ -668,6 +667,7 @@ void ERR_load_X509V3_strings(void);
|
|||||||
#define X509V3_F_S2I_ASN1_OCTET_STRING 112
|
#define X509V3_F_S2I_ASN1_OCTET_STRING 112
|
||||||
#define X509V3_F_S2I_ASN1_SKEY_ID 114
|
#define X509V3_F_S2I_ASN1_SKEY_ID 114
|
||||||
#define X509V3_F_S2I_SKEY_ID 115
|
#define X509V3_F_S2I_SKEY_ID 115
|
||||||
|
#define X509V3_F_SET_DIST_POINT_NAME 155
|
||||||
#define X509V3_F_STRING_TO_HEX 113
|
#define X509V3_F_STRING_TO_HEX 113
|
||||||
#define X509V3_F_SXNET_ADD_ID_ASC 125
|
#define X509V3_F_SXNET_ADD_ID_ASC 125
|
||||||
#define X509V3_F_SXNET_ADD_ID_INTEGER 126
|
#define X509V3_F_SXNET_ADD_ID_INTEGER 126
|
||||||
@ -682,6 +682,7 @@ void ERR_load_X509V3_strings(void);
|
|||||||
#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103
|
#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103
|
||||||
#define X509V3_F_V2I_GENERAL_NAMES 118
|
#define X509V3_F_V2I_GENERAL_NAMES 118
|
||||||
#define X509V3_F_V2I_GENERAL_NAME_EX 117
|
#define X509V3_F_V2I_GENERAL_NAME_EX 117
|
||||||
|
#define X509V3_F_V2I_IDP 157
|
||||||
#define X509V3_F_V2I_ISSUER_ALT 153
|
#define X509V3_F_V2I_ISSUER_ALT 153
|
||||||
#define X509V3_F_V2I_NAME_CONSTRAINTS 147
|
#define X509V3_F_V2I_NAME_CONSTRAINTS 147
|
||||||
#define X509V3_F_V2I_POLICY_CONSTRAINTS 146
|
#define X509V3_F_V2I_POLICY_CONSTRAINTS 146
|
||||||
|