Continued patches so certificates and CRLs now can support and use
GeneralizedTime.
parent
6f93539970
commit
9b5cc156f3
8
CHANGES
8
CHANGES
@ -5,6 +5,13 @@
|
|||||||
|
|
||||||
Changes between 0.9.1c and 0.9.2
|
Changes between 0.9.1c and 0.9.2
|
||||||
|
|
||||||
|
*) Continuing patches for GeneralizedTime. Fix up certificate and CRL
|
||||||
|
ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
|
||||||
|
Removed the versions check from X509 routines when loading extensions:
|
||||||
|
this allows certain broken certificates that don't set the version
|
||||||
|
properly to be processed.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
*) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
|
*) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
|
||||||
Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
|
Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
|
||||||
can still be regenerated with "make depend".
|
can still be regenerated with "make depend".
|
||||||
@ -22,6 +29,7 @@
|
|||||||
C file. To rebuild all the error codes from scratch (the old behaviour)
|
C file. To rebuild all the error codes from scratch (the old behaviour)
|
||||||
either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
|
either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
|
||||||
or delete all the .err files.
|
or delete all the .err files.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
*) CAST-128 was incorrectly implemented for short keys. The C version has
|
*) CAST-128 was incorrectly implemented for short keys. The C version has
|
||||||
been fixed, but is untested. The assembler versions are also fixed, but
|
been fixed, but is untested. The assembler versions are also fixed, but
|
||||||
|
@ -214,14 +214,14 @@ bad:
|
|||||||
if (lastupdate == i)
|
if (lastupdate == i)
|
||||||
{
|
{
|
||||||
fprintf(stdout,"lastUpdate=");
|
fprintf(stdout,"lastUpdate=");
|
||||||
ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
|
ASN1_TIME_print(bio_out,x->crl->lastUpdate);
|
||||||
fprintf(stdout,"\n");
|
fprintf(stdout,"\n");
|
||||||
}
|
}
|
||||||
if (nextupdate == i)
|
if (nextupdate == i)
|
||||||
{
|
{
|
||||||
fprintf(stdout,"nextUpdate=");
|
fprintf(stdout,"nextUpdate=");
|
||||||
if (x->crl->nextUpdate != NULL)
|
if (x->crl->nextUpdate != NULL)
|
||||||
ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
|
ASN1_TIME_print(bio_out,x->crl->nextUpdate);
|
||||||
else
|
else
|
||||||
fprintf(stdout,"NONE");
|
fprintf(stdout,"NONE");
|
||||||
fprintf(stdout,"\n");
|
fprintf(stdout,"\n");
|
||||||
@ -264,7 +264,7 @@ bad:
|
|||||||
fprintf(stdout,"revoked: serialNumber=");
|
fprintf(stdout,"revoked: serialNumber=");
|
||||||
i2a_ASN1_INTEGER(out,r->serialNumber);
|
i2a_ASN1_INTEGER(out,r->serialNumber);
|
||||||
fprintf(stdout," revocationDate=");
|
fprintf(stdout," revocationDate=");
|
||||||
ASN1_UTCTIME_print(bio_out,r->revocationDate);
|
ASN1_TIME_print(bio_out,r->revocationDate);
|
||||||
fprintf(stdout,"\n");
|
fprintf(stdout,"\n");
|
||||||
}
|
}
|
||||||
sk_free(sk);
|
sk_free(sk);
|
||||||
|
@ -277,9 +277,9 @@ bad:
|
|||||||
BIO_puts(out,buf);
|
BIO_puts(out,buf);
|
||||||
|
|
||||||
BIO_puts(out,"\nlast update=");
|
BIO_puts(out,"\nlast update=");
|
||||||
ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
|
ASN1_TIME_print(out,crl->crl->lastUpdate);
|
||||||
BIO_puts(out,"\nnext update=");
|
BIO_puts(out,"\nnext update=");
|
||||||
ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
|
ASN1_TIME_print(out,crl->crl->nextUpdate);
|
||||||
BIO_puts(out,"\n");
|
BIO_puts(out,"\n");
|
||||||
|
|
||||||
PEM_write_bio_X509_CRL(out,crl);
|
PEM_write_bio_X509_CRL(out,crl);
|
||||||
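Review bot: `ASN1_TIME_print(out,crl->crl->nextUpdate);` is called without checking the pointer, although nextUpdate is optional; another hunk on this page guards the same field with `if (x->crl->nextUpdate != NULL)` and prints `NONE` otherwise. Whether ASN1_TIME_print tolerates a NULL argument is not visible here, so the same guard would be safer: `if (crl->crl->nextUpdate != NULL) ASN1_TIME_print(out,crl->crl->nextUpdate); else BIO_puts(out,"NONE");`. The enclosing function starts and ends outside the hunk.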
|
@ -109,13 +109,13 @@ X509_STORE_CTX *ctx;
|
|||||||
case X509_V_ERR_CERT_NOT_YET_VALID:
|
case X509_V_ERR_CERT_NOT_YET_VALID:
|
||||||
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
|
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
|
||||||
BIO_printf(bio_err,"notBefore=");
|
BIO_printf(bio_err,"notBefore=");
|
||||||
ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
|
ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
|
||||||
BIO_printf(bio_err,"\n");
|
BIO_printf(bio_err,"\n");
|
||||||
break;
|
break;
|
||||||
case X509_V_ERR_CERT_HAS_EXPIRED:
|
case X509_V_ERR_CERT_HAS_EXPIRED:
|
||||||
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
|
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
|
||||||
BIO_printf(bio_err,"notAfter=");
|
BIO_printf(bio_err,"notAfter=");
|
||||||
ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
|
ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
|
||||||
BIO_printf(bio_err,"\n");
|
BIO_printf(bio_err,"\n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -550,13 +550,13 @@ bad:
|
|||||||
else if (startdate == i)
|
else if (startdate == i)
|
||||||
{
|
{
|
||||||
BIO_puts(STDout,"notBefore=");
|
BIO_puts(STDout,"notBefore=");
|
||||||
ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
|
ASN1_TIME_print(STDout,X509_get_notBefore(x));
|
||||||
BIO_puts(STDout,"\n");
|
BIO_puts(STDout,"\n");
|
||||||
}
|
}
|
||||||
else if (enddate == i)
|
else if (enddate == i)
|
||||||
{
|
{
|
||||||
BIO_puts(STDout,"notAfter=");
|
BIO_puts(STDout,"notAfter=");
|
||||||
ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
|
ASN1_TIME_print(STDout,X509_get_notAfter(x));
|
||||||
BIO_puts(STDout,"\n");
|
BIO_puts(STDout,"\n");
|
||||||
}
|
}
|
||||||
else if (fingerprint == i)
|
else if (fingerprint == i)
|
||||||
|
@ -146,9 +146,9 @@ X509 *x;
|
|||||||
if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
|
if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
|
||||||
if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err;
|
if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err;
|
||||||
if (BIO_write(bp," Not Before: ",24) <= 0) goto err;
|
if (BIO_write(bp," Not Before: ",24) <= 0) goto err;
|
||||||
if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err;
|
if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
|
||||||
if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err;
|
if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err;
|
||||||
if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err;
|
if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
|
||||||
if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err;
|
if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err;
|
||||||
if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
|
if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
|
||||||
if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0)
|
if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0)
|
||||||
|
@ -147,7 +147,14 @@ long length;
|
|||||||
M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
|
M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
|
||||||
V_ASN1_BIT_STRING);
|
V_ASN1_BIT_STRING);
|
||||||
}
|
}
|
||||||
|
/* Note: some broken certificates include extensions but don't set
|
||||||
|
* the version number properly. By bypassing this check they can
|
||||||
|
* be parsed.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifdef VERSION_EXT_CHECK
|
||||||
if (ver >= 2) /* version 3 extensions */
|
if (ver >= 2) /* version 3 extensions */
|
||||||
|
#endif
|
||||||
{
|
{
|
||||||
if (ret->extensions != NULL)
|
if (ret->extensions != NULL)
|
||||||
while (sk_num(ret->extensions))
|
while (sk_num(ret->extensions))
|
||||||
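Review bot: The comment added above `#ifdef VERSION_EXT_CHECK` does not say that the strict behaviour is now opt-in: unless that macro is defined, the `if (ver >= 2)` line is compiled out and the extensions block runs for every certificate version. Extensions can carry constraints that verification depends on, so the leniency is worth stating explicitly, e.g. `/* Extensions are parsed regardless of version unless VERSION_EXT_CHECK is defined; callers must not assume extensions imply a v3 certificate. */`. Guarding only the `if` line while the braces stay unconditional is also easy to misread, so a short note on the `#endif` would help. The function starts and ends outside the hunk.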
|
@ -85,13 +85,13 @@ unsigned char **pp;
|
|||||||
M_ASN1_I2D_vars(a);
|
M_ASN1_I2D_vars(a);
|
||||||
|
|
||||||
M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
|
M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
|
||||||
M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
|
M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
|
||||||
M_ASN1_I2D_len_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
|
M_ASN1_I2D_len_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
|
||||||
|
|
||||||
M_ASN1_I2D_seq_total();
|
M_ASN1_I2D_seq_total();
|
||||||
|
|
||||||
M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
|
M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
|
||||||
M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
|
M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
|
||||||
M_ASN1_I2D_put_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
|
M_ASN1_I2D_put_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
|
||||||
|
|
||||||
M_ASN1_I2D_finish();
|
M_ASN1_I2D_finish();
|
||||||
@ -107,7 +107,7 @@ long length;
|
|||||||
M_ASN1_D2I_Init();
|
M_ASN1_D2I_Init();
|
||||||
M_ASN1_D2I_start_sequence();
|
M_ASN1_D2I_start_sequence();
|
||||||
M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
|
M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
|
||||||
M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
|
M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME);
|
||||||
M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION,
|
M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION,
|
||||||
X509_EXTENSION_free);
|
X509_EXTENSION_free);
|
||||||
M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
|
M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
|
||||||
@ -130,9 +130,9 @@ unsigned char **pp;
|
|||||||
}
|
}
|
||||||
M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
|
M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
|
||||||
M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
|
M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
|
||||||
M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
|
M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
|
||||||
if (a->nextUpdate != NULL)
|
if (a->nextUpdate != NULL)
|
||||||
{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
|
{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
|
||||||
M_ASN1_I2D_len_SEQUENCE_opt(a->revoked,i2d_X509_REVOKED);
|
M_ASN1_I2D_len_SEQUENCE_opt(a->revoked,i2d_X509_REVOKED);
|
||||||
M_ASN1_I2D_len_EXP_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION,0,
|
M_ASN1_I2D_len_EXP_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION,0,
|
||||||
V_ASN1_SEQUENCE,v1);
|
V_ASN1_SEQUENCE,v1);
|
||||||
@ -177,8 +177,18 @@ long length;
|
|||||||
}
|
}
|
||||||
M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
|
M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
|
||||||
M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
|
M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
|
||||||
M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
|
M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME);
|
||||||
M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
|
/* Manually handle the OPTIONAL ASN1_TIME stuff */
|
||||||
|
if((c.slen != 0) &&
|
||||||
|
( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
|
||||||
|
V_ASN1_UNIVERSAL|V_ASN1_UTCTIME)
|
||||||
|
|| ( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
|
||||||
|
V_ASN1_UNIVERSAL|V_ASN1_GENERALIZEDTIME) ) ) ) {
|
||||||
|
M_ASN1_D2I_get(ret->nextUpdate,d2i_ASN1_TIME);
|
||||||
|
}
|
||||||
|
if(!ret->nextUpdate)
|
||||||
|
M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME,
|
||||||
|
V_ASN1_GENERALIZEDTIME);
|
||||||
if (ret->revoked != NULL)
|
if (ret->revoked != NULL)
|
||||||
{
|
{
|
||||||
while (sk_num(ret->revoked))
|
while (sk_num(ret->revoked))
|
||||||
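Review bot: The tag test added for the optional nextUpdate does not compare what it appears to: in `(M_ASN1_next & ~V_ASN1_CONSTRUCTED) == V_ASN1_UNIVERSAL|V_ASN1_UTCTIME` the `==` binds tighter than `|`, so each side of the `||` evaluates as `(... == V_ASN1_UNIVERSAL) | <tag>`, which is non-zero whenever the tag constant is. The branch is therefore taken for any remaining input (`c.slen != 0`), and a CRL that omits nextUpdate would have its next element handed to `d2i_ASN1_TIME` and presumably be rejected. Parenthesise the right-hand sides: `== (V_ASN1_UNIVERSAL|V_ASN1_UTCTIME)` and `== (V_ASN1_UNIVERSAL|V_ASN1_GENERALIZEDTIME)`. With that fixed, the trailing `M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME)` fallback looks redundant and deserves a comment or removal. The decoder's body starts and ends outside the hunk.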
|
@ -71,13 +71,13 @@ unsigned char **pp;
|
|||||||
{
|
{
|
||||||
M_ASN1_I2D_vars(a);
|
M_ASN1_I2D_vars(a);
|
||||||
|
|
||||||
M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME);
|
M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME);
|
||||||
M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME);
|
M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME);
|
||||||
|
|
||||||
M_ASN1_I2D_seq_total();
|
M_ASN1_I2D_seq_total();
|
||||||
|
|
||||||
M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME);
|
M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME);
|
||||||
M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME);
|
M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME);
|
||||||
|
|
||||||
M_ASN1_I2D_finish();
|
M_ASN1_I2D_finish();
|
||||||
}
|
}
|
||||||
@ -91,8 +91,8 @@ long length;
|
|||||||
|
|
||||||
M_ASN1_D2I_Init();
|
M_ASN1_D2I_Init();
|
||||||
M_ASN1_D2I_start_sequence();
|
M_ASN1_D2I_start_sequence();
|
||||||
M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME);
|
M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME);
|
||||||
M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME);
|
M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME);
|
||||||
M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
|
M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -102,8 +102,8 @@ X509_VAL *X509_VAL_new()
|
|||||||
ASN1_CTX c;
|
ASN1_CTX c;
|
||||||
|
|
||||||
M_ASN1_New_Malloc(ret,X509_VAL);
|
M_ASN1_New_Malloc(ret,X509_VAL);
|
||||||
M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new);
|
M_ASN1_New(ret->notBefore,ASN1_TIME_new);
|
||||||
M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new);
|
M_ASN1_New(ret->notAfter,ASN1_TIME_new);
|
||||||
return(ret);
|
return(ret);
|
||||||
M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
|
M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
|
||||||
}
|
}
|
||||||
@ -112,8 +112,8 @@ void X509_VAL_free(a)
|
|||||||
X509_VAL *a;
|
X509_VAL *a;
|
||||||
{
|
{
|
||||||
if (a == NULL) return;
|
if (a == NULL) return;
|
||||||
ASN1_UTCTIME_free(a->notBefore);
|
ASN1_TIME_free(a->notBefore);
|
||||||
ASN1_UTCTIME_free(a->notAfter);
|
ASN1_TIME_free(a->notAfter);
|
||||||
Free((char *)a);
|
Free((char *)a);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
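Review bot: Nothing in these hunks documents that notBefore and notAfter may now hold either time encoding; `d2i_X509_VAL` reads both through `d2i_ASN1_TIME` and `X509_VAL_new` allocates them with `ASN1_TIME_new`. Code that interprets the string as a two-digit-year UTCTime would misread a GeneralizedTime value, so a comment at the decoder such as `/* notBefore/notAfter may be UTCTime or GeneralizedTime; check the type before parsing the string */` would help. Whether the validity comparison routines were updated to match is not visible on this page.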