Add support for setting IDP too.

0537f968 · Dr. Stephen Henson · 0c010a15 · 0537f968 · 0537f968 · 0537f968
Showing with 77 addition and 10 deletion

CHANGES CHANGES +1 -1

crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c +72 -7

crypto/x509v3/v3err.c crypto/x509v3/v3err.c +2 -1

crypto/x509v3/x509v3.h crypto/x509v3/x509v3.h +2 -1

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,7 @@
     all fields.
     [Steve Henson]

-  *) Add print only support for Issuing Distribution Point CRL extension.
+  *) Add print and set support for Issuing Distribution Point CRL extension.
     [Steve Henson]

 Changes between 0.9.8 and 0.9.8a  [XX xxx XXXX]

--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -101,7 +101,7 @@ static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
 	return gens;
 	}

-static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
+static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
 							CONF_VALUE *cnf)
 	{
 	STACK_OF(GENERAL_NAME) *fnm = NULL;
@@ -123,7 +123,7 @@ static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
 		dnsect = X509V3_get_section(ctx, cnf->value);
 		if (!dnsect)
 			{
-			X509V3err(X509V3_F_GET_DIST_POINT_NAME,
+			X509V3err(X509V3_F_SET_DIST_POINT_NAME,
 						X509V3_R_SECTION_NOT_FOUND);
 			return -1;
 			}
@@ -140,7 +140,7 @@ static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
 		if (sk_X509_NAME_ENTRY_value(rnm,
 				sk_X509_NAME_ENTRY_num(rnm) - 1)->set)
 			{
-			X509V3err(X509V3_F_GET_DIST_POINT_NAME,
+			X509V3err(X509V3_F_SET_DIST_POINT_NAME,
 						X509V3_R_INVAID_MULTIPLE_RDNS);
 			goto err;
 			}
@@ -150,7 +150,7 @@ static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,

 	if (*pdp)
 		{
-		X509V3err(X509V3_F_GET_DIST_POINT_NAME,
+		X509V3err(X509V3_F_SET_DIST_POINT_NAME,
 						X509V3_R_DISTPOINT_ALREADY_SET);
 		goto err;
 		}
@@ -179,7 +179,6 @@ static int get_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
 	return -1;
 	}

-
 static const BIT_STRING_BITNAME reason_flags[] = {
 {1, "Key Compromise", "keyCompromise"},
 {2, "CA Compromise", "CACompromise"},
@@ -269,7 +268,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
 		{
 		int ret;
 		cnf = sk_CONF_VALUE_value(nval, i);
-		ret = get_dist_point_name(&point->distpoint, ctx, cnf);
+		ret = set_dist_point_name(&point->distpoint, ctx, cnf);
 		if (ret > 0)
 			continue;
 		if (ret < 0)
@@ -393,8 +392,12 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
 	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
 } ASN1_SEQUENCE_END(ISSUING_DIST_POINT)

+IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
 static int i2r_idp(X509V3_EXT_METHOD *method,
 	     void *pidp, BIO *out, int indent);
+static void *v2i_idp(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

 X509V3_EXT_METHOD v3_idp =
 	{
@@ -402,11 +405,73 @@ X509V3_EXT_METHOD v3_idp =
 	ASN1_ITEM_ref(ISSUING_DIST_POINT),
 	0,0,0,0,
 	0,0,
-	0,0,
+	0,
+	v2i_idp,
 	i2r_idp,0,
 	NULL
 	};

+static void *v2i_idp(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+	{
+	ISSUING_DIST_POINT *idp = NULL;
+	CONF_VALUE *cnf;
+	char *name, *val;
+	int i, ret;
+	idp = ISSUING_DIST_POINT_new();
+	if (!idp)
+		goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
+		{
+		cnf = sk_CONF_VALUE_value(nval, i);
+		name = cnf->name;
+		val = cnf->value;
+		ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
+		if (ret > 0)
+			continue;
+		if (ret < 0)
+			goto err;
+		if (!strcmp(name, "onlyuser"))
+			{
+			if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
+				goto err;
+			}
+		else if (!strcmp(name, "onlyCA"))
+			{
+			if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
+				goto err;
+			}
+		else if (!strcmp(name, "onlyAA"))
+			{
+			if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
+				goto err;
+			}
+		else if (!strcmp(name, "indirectCRL"))
+			{
+			if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
+				goto err;
+			}
+		else if (!strcmp(name, "onlysomereasons"))
+			{
+			if (!set_reasons(&idp->onlysomereasons, val))
+				goto err;
+			}
+		else
+			{
+                        X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
+                        X509V3_conf_err(cnf);
+                        goto err;
+			}
+		}
+	return idp;
+
+	merr:
+	X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE);
+	err:
+	ISSUING_DIST_POINT_free(idp);
+	return NULL;
+	}
+
 static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
 	{
 	int i;

--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
@@ -77,7 +77,6 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_DO_EXT_I2D),	"DO_EXT_I2D"},
 {ERR_FUNC(X509V3_F_DO_EXT_NCONF),	"DO_EXT_NCONF"},
 {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS),	"DO_I2V_NAME_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_GET_DIST_POINT_NAME),	"GET_DIST_POINT_NAME"},
 {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME),	"GNAMES_FROM_SECTNAME"},
 {ERR_FUNC(X509V3_F_HEX_TO_STRING),	"hex_to_string"},
 {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED),	"i2s_ASN1_ENUMERATED"},
@@ -95,6 +94,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING),	"s2i_ASN1_OCTET_STRING"},
 {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID),	"S2I_ASN1_SKEY_ID"},
 {ERR_FUNC(X509V3_F_S2I_SKEY_ID),	"S2I_SKEY_ID"},
+{ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME),	"SET_DIST_POINT_NAME"},
 {ERR_FUNC(X509V3_F_STRING_TO_HEX),	"string_to_hex"},
 {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC),	"SXNET_add_id_asc"},
 {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER),	"SXNET_add_id_INTEGER"},
@@ -109,6 +109,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE),	"V2I_EXTENDED_KEY_USAGE"},
 {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES),	"v2i_GENERAL_NAMES"},
 {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX),	"v2i_GENERAL_NAME_ex"},
+{ERR_FUNC(X509V3_F_V2I_IDP),	"V2I_IDP"},
 {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT),	"V2I_ISSUER_ALT"},
 {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS),	"V2I_NAME_CONSTRAINTS"},
 {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS),	"V2I_POLICY_CONSTRAINTS"},

--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -650,7 +650,6 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_DO_EXT_I2D				 135
 #define X509V3_F_DO_EXT_NCONF				 151
 #define X509V3_F_DO_I2V_NAME_CONSTRAINTS		 148
-#define X509V3_F_GET_DIST_POINT_NAME			 155
 #define X509V3_F_GNAMES_FROM_SECTNAME			 156
 #define X509V3_F_HEX_TO_STRING				 111
 #define X509V3_F_I2S_ASN1_ENUMERATED			 121
@@ -668,6 +667,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_S2I_ASN1_OCTET_STRING			 112
 #define X509V3_F_S2I_ASN1_SKEY_ID			 114
 #define X509V3_F_S2I_SKEY_ID				 115
+#define X509V3_F_SET_DIST_POINT_NAME			 155
 #define X509V3_F_STRING_TO_HEX				 113
 #define X509V3_F_SXNET_ADD_ID_ASC			 125
 #define X509V3_F_SXNET_ADD_ID_INTEGER			 126
@@ -682,6 +682,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_V2I_EXTENDED_KEY_USAGE			 103
 #define X509V3_F_V2I_GENERAL_NAMES			 118
 #define X509V3_F_V2I_GENERAL_NAME_EX			 117
+#define X509V3_F_V2I_IDP				 157
 #define X509V3_F_V2I_ISSUER_ALT				 153
 #define X509V3_F_V2I_NAME_CONSTRAINTS			 147
 #define X509V3_F_V2I_POLICY_CONSTRAINTS			 146