diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 1999-02-17 23:22:57 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 1999-02-17 23:22:57 +0000 |
| commit | 0be9747b39568ff4974335836369726f8b3bcf35 (patch) | |
| tree | 2cd5381297f7a617fcb760ad3b0be925185d8074 /crypto/x509v3/v3_akey.c | |
| parent | 3d8accc3ae7a6899ac67719bd9e7f24892de4f21 (diff) | |
Oops! Remeber to include the other patches this time...
Diffstat (limited to 'crypto/x509v3/v3_akey.c')
| -rw-r--r-- | crypto/x509v3/v3_akey.c | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index e3b84601be..bef9b77943 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -175,11 +175,97 @@ STACK *extlist; return extlist; } +/* Currently two options: + * keyid: use the issuers subject keyid, the value 'always' means its is + * an error if the issuer certificate doesn't have a key id. + * issuer: use the issuers cert issuer and serial number. The default is + * to only use this if keyid is not present. With the option 'always' + * this is always included. + */ + static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(method, ctx, values) X509V3_EXT_METHOD *method; X509V3_CTX *ctx; STACK *values; { +char keyid=0, issuer=0; +int i; +CONF_VALUE *cnf; +ASN1_OCTET_STRING *ikeyid = NULL; +X509_NAME *isname = NULL; +STACK * gens = NULL; +GENERAL_NAME *gen = NULL; +ASN1_INTEGER *serial = NULL; +X509_EXTENSION *ext; +X509 *cert; +AUTHORITY_KEYID *akeyid; +for(i = 0; i < sk_num(values); i++) { + cnf = (CONF_VALUE *)sk_value(values, i); + if(!strcmp(cnf->name, "keyid")) { + keyid = 1; + if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2; + } else if(!strcmp(cnf->name, "issuer")) { + issuer = 1; + if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2; + } else { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); + ERR_add_error_data(2, "name=", cnf->name); + return NULL; + } +} + + + +if(!ctx || !ctx->issuer_cert) { + if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); + return NULL; +} + +cert = ctx->issuer_cert; + +if(keyid) { + i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); + if((i >= 0) && (ext = X509_get_ext(cert, i))) + ikeyid = (ASN1_OCTET_STRING *) X509V3_EXT_d2i(ext); + if(keyid==2 && !ikeyid) { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); + return NULL; + } +} + +if((issuer && !ikeyid) || (issuer == 2)) { + isname = X509_NAME_dup(X509_get_issuer_name(cert)); + serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + if(!isname || !serial) { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); + goto err; + } +} + +if(!(akeyid = AUTHORITY_KEYID_new())) goto err; + +if(isname) { + if(!(gens = sk_new(NULL)) || !(gen = GENERAL_NAME_new()) + || !sk_push(gens, (char *)gen)) { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); + goto err; + } + gen->type = GEN_DIRNAME; + gen->d.dirn = isname; +} + +akeyid->issuer = gens; +akeyid->serial = serial; +akeyid->keyid = ikeyid; + +return akeyid; + +err: +X509_NAME_free(isname); +ASN1_INTEGER_free(serial); +ASN1_OCTET_STRING_free(ikeyid); return NULL; + } |