Add support for freshest CRL extension.

2008-08-27 15:52:05 +00:00 · 2008-08-27 15:52:05 +00:00 · 249a77f5fb
commit 249a77f5fb
parent d0fff69dc9
7 changed files with 37 additions and 6 deletions
--- a/5
+++ b/5
@ -4,6 +4,11 @@

 Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]

+  *) Support for freshest CRL extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
  *) Initial indirect CRL support. Currently only supported in the CRLs
     passed directly and not via lookup. Process certificate issuer
     CRL entry extension and lookup CRL entries by bother issuer name
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@ -62,12 +62,12 @@
 * [including the GNU Public Licence.]
 */

-#define NUM_NID 857
-#define NUM_SN 850
-#define NUM_LN 850
-#define NUM_OBJ 804
+#define NUM_NID 858
+#define NUM_SN 851
+#define NUM_LN 851
+#define NUM_OBJ 805

-static const unsigned char lvalues[5711]={
+static const unsigned char lvalues[5714]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@ -872,6 +872,7 @@ static const unsigned char lvalues[5711]={
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5685] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5693] OBJ_id_GostR3410_2001_ParamSet_cc */
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */
+0x55,0x1D,0x2E,                              /* [5710] OBJ_freshest_crl */
 };

 static const ASN1_OBJECT nid_objs[NUM_NID]={
@ -2256,6 +2257,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"HMAC","hmac",NID_hmac,0,NULL,0},
 {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9,
 	&(lvalues[5701]),0},
+{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3,
+	&(lvalues[5710]),0},
 };

 static const unsigned int sn_objs[NUM_SN]={
@ -2534,6 +2537,7 @@ static const unsigned int sn_objs[NUM_SN]={
 126,	/* "extendedKeyUsage" */
 372,	/* "extendedStatus" */
 462,	/* "favouriteDrink" */
+857,	/* "freshestCRL" */
 453,	/* "friendlyCountry" */
 490,	/* "friendlyCountryName" */
 156,	/* "friendlyName" */
@ -3230,6 +3234,7 @@ static const unsigned int ln_objs[NUM_LN]={
 89,	/* "X509v3 Certificate Policies" */
 140,	/* "X509v3 Delta CRL Indicator" */
 126,	/* "X509v3 Extended Key Usage" */
+857,	/* "X509v3 Freshest CRL" */
 748,	/* "X509v3 Inhibit Any Policy" */
 86,	/* "X509v3 Issuer Alternative Name" */
 770,	/* "X509v3 Issuing Distrubution Point" */
@ -4029,6 +4034,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 90,	/* OBJ_authority_key_identifier     2 5 29 35 */
 401,	/* OBJ_policy_constraints           2 5 29 36 */
 126,	/* OBJ_ext_key_usage                2 5 29 37 */
+857,	/* OBJ_freshest_crl                 2 5 29 46 */
 748,	/* OBJ_inhibit_any_policy           2 5 29 54 */
 402,	/* OBJ_target_information           2 5 29 55 */
 403,	/* OBJ_no_rev_avail                 2 5 29 56 */
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@ -2235,6 +2235,11 @@
 #define NID_ext_key_usage		126
 #define OBJ_ext_key_usage		OBJ_id_ce,37L

+#define SN_freshest_crl		"freshestCRL"
+#define LN_freshest_crl		"X509v3 Freshest CRL"
+#define NID_freshest_crl		857
+#define OBJ_freshest_crl		OBJ_id_ce,46L
+
 #define SN_inhibit_any_policy		"inhibitAnyPolicy"
 #define LN_inhibit_any_policy		"X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy		748
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@ -854,3 +854,4 @@ id_GostR3411_94_with_GostR3410_2001_cc		853
 id_GostR3410_2001_ParamSet_cc		854
 hmac		855
 LocalKeySet		856
+freshest_crl		857
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@ -726,6 +726,8 @@ id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
 id-ce 36		: policyConstraints	: X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
+!Cname freshest-crl
+id-ce 46		: freshestCRL		: X509v3 Freshest CRL
 !Cname inhibit-any-policy
 id-ce 54		: inhibitAnyPolicy	: X509v3 Inhibit Any Policy
 !Cname target-information
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@ -61,7 +61,7 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
@ -123,6 +123,7 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_inhibit_anyp,
 &v3_idp,
 &v3_alt[2],
+&v3_freshest_crl,
 };

 /* Number of standard extensions */
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@ -79,6 +79,17 @@ const X509V3_EXT_METHOD v3_crld =
 	NULL
 	};

+const X509V3_EXT_METHOD v3_freshest_crl =
+	{
+	NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+	0,0,0,0,
+	0,0,
+	0,
+	v2i_crld,
+	i2r_crldp,0,
+	NULL
+	};
+
 static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
 	{
 	STACK_OF(CONF_VALUE) *gnsect;