oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add revoking certs.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20848 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-06-03 15:31:07 +00:00
parent 1e223ee1a9
commit 04a99a3e5c
1 changed files with 54 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
lib/hx509/revoke.c
View File

@@ -1099,6 +1099,41 @@ hx509_crl_free(hx509_context context, hx509_crl *crl)
*crl = NULL; *crl = NULL;
} }
static int
add_revoked(hx509_context context, void *ctx, hx509_cert cert)
{
TBSCRLCertList *c = ctx;
unsigned int num;
void *ptr;
int ret;
num = c->revokedCertificates->len;
ptr = realloc(c->revokedCertificates->val,
(num + 1) * sizeof(c->revokedCertificates->val[0]));
if (ptr == NULL) {
hx509_clear_error_string(context);
return ENOMEM;
}
c->revokedCertificates->val = ptr;
ret = hx509_cert_get_serialnumber(cert,
&c->revokedCertificates->val[num].userCertificate);
if (ret) {
hx509_clear_error_string(context);
return ret;
}
c->revokedCertificates->val[num].revocationDate.element =
choice_Time_generalTime;
c->revokedCertificates->val[num].revocationDate.u.generalTime =
time(NULL) - 3600 * 24;
c->revokedCertificates->val[num].crlEntryExtensions = NULL;
c->revokedCertificates->len++;
return 0;
}
int int
hx509_crl_sign(hx509_context context, hx509_crl_sign(hx509_context context,
hx509_cert signer, hx509_cert signer,
@@ -1148,14 +1183,31 @@ hx509_crl_sign(hx509_context context,
c.tbsCertList.nextUpdate = malloc(sizeof(*c.tbsCertList.nextUpdate)); c.tbsCertList.nextUpdate = malloc(sizeof(*c.tbsCertList.nextUpdate));
if (c.tbsCertList.nextUpdate == NULL) { if (c.tbsCertList.nextUpdate == NULL) {
hx509_set_error_string(context, 0, ENOMEM, "out of memory"); hx509_set_error_string(context, 0, ENOMEM, "out of memory");
return ENOMEM; ret = ENOMEM;
goto out;
} }
c.tbsCertList.nextUpdate->element = choice_Time_generalTime; c.tbsCertList.nextUpdate->element = choice_Time_generalTime;
c.tbsCertList.nextUpdate->u.generalTime = time(NULL) + 24 * 3600 * 365; c.tbsCertList.nextUpdate->u.generalTime = time(NULL) + 24 * 3600 * 365;
c.tbsCertList.revokedCertificates = NULL; c.tbsCertList.revokedCertificates =
calloc(1, sizeof(*c.tbsCertList.revokedCertificates));
if (c.tbsCertList.revokedCertificates == NULL) {
hx509_set_error_string(context, 0, ENOMEM, "out of memory");
ret = ENOMEM;
goto out;
}
c.tbsCertList.crlExtensions = NULL; c.tbsCertList.crlExtensions = NULL;
ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList);
if (ret)
goto out;
/* if not revoked certs, remove OPTIONAL entry */
if (c.tbsCertList.revokedCertificates->len == 0) {
free(c.tbsCertList.revokedCertificates);
c.tbsCertList.revokedCertificates = NULL;
}
ASN1_MALLOC_ENCODE(TBSCRLCertList, os->data, os->length, ASN1_MALLOC_ENCODE(TBSCRLCertList, os->data, os->length,
&c.tbsCertList, &size, ret); &c.tbsCertList, &size, ret);
if (ret) { if (ret) {