generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make it possible to move the emailAddress object to the subjectAltName

Browse Source 
extension instead of just copying it.  That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.
This commit is contained in:
Richard Levitte 2001-04-11 12:55:06 +00:00
parent a9d2bc4902
commit c9fd77e9dd
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
crypto/x509v3/v3_alt.c
View File

@ -63,7 +63,7 @@
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens); static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
X509V3_EXT_METHOD v3_alt[] = { X509V3_EXT_METHOD v3_alt[] = {
{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
@ -281,7 +281,10 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
cnf = sk_CONF_VALUE_value(nval, i); cnf = sk_CONF_VALUE_value(nval, i);
if(!name_cmp(cnf->name, "email") && cnf->value && if(!name_cmp(cnf->name, "email") && cnf->value &&
!strcmp(cnf->value, "copy")) { !strcmp(cnf->value, "copy")) {
if(!copy_email(ctx, gens)) goto err; if(!copy_email(ctx, gens, 0)) goto err;
} else if(!name_cmp(cnf->name, "email") && cnf->value &&
!strcmp(cnf->value, "move")) {
if(!copy_email(ctx, gens, 1)) goto err;
} else { } else {
GENERAL_NAME *gen; GENERAL_NAME *gen;
if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
@ -299,7 +302,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
* GENERAL_NAMES * GENERAL_NAMES
*/ */
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens) static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
{ {
X509_NAME *nm; X509_NAME *nm;
ASN1_IA5STRING *email = NULL; ASN1_IA5STRING *email = NULL;
@ -321,6 +324,11 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens)
NID_pkcs9_emailAddress, i)) >= 0) { NID_pkcs9_emailAddress, i)) >= 0) {
ne = X509_NAME_get_entry(nm, i); ne = X509_NAME_get_entry(nm, i);
email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
if (move_p)
{
X509_NAME_delete_entry(nm, i);
i--;
}
if(!email || !(gen = GENERAL_NAME_new())) { if(!email || !(gen = GENERAL_NAME_new())) {
X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
goto err; goto err;