diff options
| author | Richard Levitte <levitte@openssl.org> | 2001-04-11 12:55:06 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2001-04-11 12:55:06 +0000 |
| commit | c9fd77e9ddf46153ef9866b64a7cc8a178648d6c (patch) | |
| tree | a9e42a4d3f44fb1dbb30e3f230ba454fa4a71a61 /crypto/x509v3/v3_alt.c | |
| parent | a9d2bc4902f1e835cc5cbb48064229c18cbedd7f (diff) | |
Make it possible to move the emailAddress object to the subjectAltName
extension instead of just copying it. That makes a certificate comply
even more with PKIX recommendations according to RFC 2459.
Diffstat (limited to 'crypto/x509v3/v3_alt.c')
| -rw-r--r-- | crypto/x509v3/v3_alt.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 0fc5c1fb13..0e9e7dcb4f 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -63,7 +63,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens); +static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); X509V3_EXT_METHOD v3_alt[] = { { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), @@ -281,7 +281,10 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, cnf = sk_CONF_VALUE_value(nval, i); if(!name_cmp(cnf->name, "email") && cnf->value && !strcmp(cnf->value, "copy")) { - if(!copy_email(ctx, gens)) goto err; + if(!copy_email(ctx, gens, 0)) goto err; + } else if(!name_cmp(cnf->name, "email") && cnf->value && + !strcmp(cnf->value, "move")) { + if(!copy_email(ctx, gens, 1)) goto err; } else { GENERAL_NAME *gen; if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) @@ -299,7 +302,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, * GENERAL_NAMES */ -static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens) +static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) { X509_NAME *nm; ASN1_IA5STRING *email = NULL; @@ -321,6 +324,11 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens) NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(nm, i); email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); + if (move_p) + { + X509_NAME_delete_entry(nm, i); + i--; + } if(!email || !(gen = GENERAL_NAME_new())) { X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); goto err; |