generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Support for dirName from config files in GeneralName extensions.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2003-02-27 01:54:11 +00:00
parent e9ec63961b
commit f0dc08e656
6 changed files with 97 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -4,6 +4,10 @@
Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] Changes between 0.9.7a and 0.9.8 [xx XXX xxxx]
*) Support for directoryName in GeneralName related extensions
in config files.
[Steve Henson]
*) Make it possible to link applications using Makefile.shared. *) Make it possible to link applications using Makefile.shared.
Make that possible even when linking against static libraries! Make that possible even when linking against static libraries!
[Richard Levitte] [Richard Levitte]

32
crypto/x509v3/v3_alt.c
View File

@ -66,6 +66,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
X509V3_EXT_METHOD v3_alt[] = { X509V3_EXT_METHOD v3_alt[] = {
{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
@ -452,6 +453,13 @@ if(!name_cmp(name, "email")) {
goto err; goto err;
} }
type = GEN_IPADD; type = GEN_IPADD;
} else if(!name_cmp(name, "dirName")) {
type = GEN_DIRNAME;
if (!do_dirname(gen, value, ctx))
{
X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);
goto err;
}
} else if(!name_cmp(name, "otherName")) { } else if(!name_cmp(name, "otherName")) {
if (!do_othername(gen, value, ctx)) if (!do_othername(gen, value, ctx))
{ {
@ -507,3 +515,27 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
return 0; return 0;
return 1; return 1;
} }
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
{
int ret;
STACK_OF(CONF_VALUE) *sk;
X509_NAME *nm;
if (!(nm = X509_NAME_new()))
return 0;
sk = X509V3_get_section(ctx, value);
if (!sk)
{
X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
ERR_add_error_data(2, "section=", value);
X509_NAME_free(nm);
return 0;
}
/* FIXME: should allow other character types... */
ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
if (!ret)
X509_NAME_free(nm);
gen->d.dirn = nm;
return ret;
}

12
crypto/x509v3/v3_conf.c
View File

@ -151,7 +151,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
} }
else if(method->r2i) else if(method->r2i)
{ {
if(!ctx->db) if(!ctx->db || !ctx->db_meth)
{ {
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
return NULL; return NULL;
@ -383,6 +383,11 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
{ {
if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string)
{
X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED);
return NULL;
}
if (ctx->db_meth->get_string) if (ctx->db_meth->get_string)
return ctx->db_meth->get_string(ctx->db, name, section); return ctx->db_meth->get_string(ctx->db, name, section);
return NULL; return NULL;
@ -390,6 +395,11 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
{ {
if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section)
{
X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED);
return NULL;
}
if (ctx->db_meth->get_section) if (ctx->db_meth->get_section)
return ctx->db_meth->get_section(ctx->db, section); return ctx->db_meth->get_section(ctx->db, section);
return NULL; return NULL;

35
crypto/x509v3/v3_utl.c
View File

@ -740,3 +740,38 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen)
return 1; return 1;
} }
int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
unsigned long chtype)
{
CONF_VALUE *v;
int i;
char *p, *type;
if (!nm)
return 0;
for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
{
v=sk_CONF_VALUE_value(dn_sk,i);
type=v->name;
/* Skip past any leading X. X: X, etc to allow for
* multiple instances
*/
for(p = type; *p ; p++)
#ifndef CHARSET_EBCDIC
if ((*p == ':') || (*p == ',') || (*p == '.'))
#else
if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.']))
#endif
{
p++;
if(*p) type = p;
break;
}
if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
(unsigned char *) v->value,-1,-1,0))
return 0;
}
return 1;
}

8
crypto/x509v3/v3err.c
View File

@ -1,6 +1,6 @@
/* crypto/x509v3/v3err.c */ /* crypto/x509v3/v3err.c */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -68,6 +68,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
{ {
{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, {ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"},
{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"}, {ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"},
{ERR_PACK(0,X509V3_F_DO_DIRNAME,0), "DO_DIRNAME"},
{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, {ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"},
{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, {ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"},
{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
@ -104,6 +105,8 @@ static ERR_STRING_DATA X509V3_str_functs[]=
{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"},
{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
{ERR_PACK(0,X509V3_F_X509V3_GET_SECTION,0), "X509V3_get_section"},
{ERR_PACK(0,X509V3_F_X509V3_GET_STRING,0), "X509V3_get_string"},
{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, {ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"},
@ -117,6 +120,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
{X509V3_R_BAD_OBJECT ,"bad object"}, {X509V3_R_BAD_OBJECT ,"bad object"},
{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"}, {X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"},
{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, {X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"},
{X509V3_R_DIRNAME_ERROR ,"dirname error"},
{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, {X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"},
{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, {X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"},
{X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"}, {X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"},
@ -152,7 +156,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
{X509V3_R_NO_PUBLIC_KEY ,"no public key"}, {X509V3_R_NO_PUBLIC_KEY ,"no public key"},
{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"}, {X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"},
{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"}, {X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"},
{X509V3_R_OPERATION_NOT_DEFINED ,"operation not defined"},
{X509V3_R_OTHERNAME_ERROR ,"othername error"}, {X509V3_R_OTHERNAME_ERROR ,"othername error"},
{X509V3_R_SECTION_NOT_FOUND ,"section not found"},
{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"}, {X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"},
{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"}, {X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"},
{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"}, {X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"},

8
crypto/x509v3/x509v3.h
View File

@ -548,6 +548,8 @@ STACK *X509_REQ_get1_email(X509_REQ *x);
void X509_email_free(STACK *sk); void X509_email_free(STACK *sk);
ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
unsigned long chtype);
/* BEGIN ERROR CODES */ /* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes /* The following lines are auto generated by the script mkerr.pl. Any changes
@ -560,6 +562,7 @@ void ERR_load_X509V3_strings(void);
/* Function codes. */ /* Function codes. */
#define X509V3_F_COPY_EMAIL 122 #define X509V3_F_COPY_EMAIL 122
#define X509V3_F_COPY_ISSUER 123 #define X509V3_F_COPY_ISSUER 123
#define X509V3_F_DO_DIRNAME 144
#define X509V3_F_DO_EXT_CONF 124 #define X509V3_F_DO_EXT_CONF 124
#define X509V3_F_DO_EXT_I2D 135 #define X509V3_F_DO_EXT_I2D 135
#define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_HEX_TO_STRING 111
@ -596,6 +599,8 @@ void ERR_load_X509V3_strings(void);
#define X509V3_F_X509V3_EXT_ADD_ALIAS 106 #define X509V3_F_X509V3_EXT_ADD_ALIAS 106
#define X509V3_F_X509V3_EXT_CONF 107 #define X509V3_F_X509V3_EXT_CONF 107
#define X509V3_F_X509V3_EXT_I2D 136 #define X509V3_F_X509V3_EXT_I2D 136
#define X509V3_F_X509V3_GET_SECTION 142
#define X509V3_F_X509V3_GET_STRING 143
#define X509V3_F_X509V3_GET_VALUE_BOOL 110 #define X509V3_F_X509V3_GET_VALUE_BOOL 110
#define X509V3_F_X509V3_PARSE_LIST 109 #define X509V3_F_X509V3_PARSE_LIST 109
#define X509V3_F_X509_PURPOSE_ADD 137 #define X509V3_F_X509_PURPOSE_ADD 137
@ -606,6 +611,7 @@ void ERR_load_X509V3_strings(void);
#define X509V3_R_BAD_OBJECT 119 #define X509V3_R_BAD_OBJECT 119
#define X509V3_R_BN_DEC2BN_ERROR 100 #define X509V3_R_BN_DEC2BN_ERROR 100
#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
#define X509V3_R_DIRNAME_ERROR 149
#define X509V3_R_DUPLICATE_ZONE_ID 133 #define X509V3_R_DUPLICATE_ZONE_ID 133
#define X509V3_R_ERROR_CONVERTING_ZONE 131 #define X509V3_R_ERROR_CONVERTING_ZONE 131
#define X509V3_R_ERROR_CREATING_EXTENSION 144 #define X509V3_R_ERROR_CREATING_EXTENSION 144
@ -641,7 +647,9 @@ void ERR_load_X509V3_strings(void);
#define X509V3_R_NO_PUBLIC_KEY 114 #define X509V3_R_NO_PUBLIC_KEY 114
#define X509V3_R_NO_SUBJECT_DETAILS 125 #define X509V3_R_NO_SUBJECT_DETAILS 125
#define X509V3_R_ODD_NUMBER_OF_DIGITS 112 #define X509V3_R_ODD_NUMBER_OF_DIGITS 112
#define X509V3_R_OPERATION_NOT_DEFINED 148
#define X509V3_R_OTHERNAME_ERROR 147 #define X509V3_R_OTHERNAME_ERROR 147
#define X509V3_R_SECTION_NOT_FOUND 150
#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111