(_krb5_pk_load_id): Added certificate revocation information, i.e. CRLs

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17053 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-04-12 13:19:13 +00:00
parent 1ffa6c23e3
commit 19aee3ece1


@@ -69,6 +69,7 @@ struct krb5_pk_identity {
hx509_certs certs; hx509_certs certs;
hx509_certs anchors; hx509_certs anchors;
hx509_certs certpool; hx509_certs certpool;
hx509_revoke_ctx revoke;
}; };
struct krb5_pk_cert { struct krb5_pk_cert {
@@ -1144,14 +1145,15 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter)
} }
krb5_error_code KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_FUNCTION
_krb5_pk_load_openssl_id(krb5_context context, _krb5_pk_load_id(krb5_context context,
struct krb5_pk_identity **ret_id, struct krb5_pk_identity **ret_id,
const char *user_id, const char *user_id,
const char *anchor_id, const char *anchor_id,
const char **chain, char * const *chain,
krb5_prompter_fct prompter, char * const *revoke,
void *prompter_data, krb5_prompter_fct prompter,
char *password) void *prompter_data,
char *password)
{ {
struct krb5_pk_identity *id = NULL; struct krb5_pk_identity *id = NULL;
hx509_lock lock = NULL; hx509_lock lock = NULL;
@@ -1222,11 +1224,32 @@ _krb5_pk_load_openssl_id(krb5_context context,
chain++; chain++;
} }
if (revoke) {
ret = hx509_revoke_init(id->hx509ctx, &id->revoke);
if (ret) {
krb5_set_error_string(context, "revoke failed to init");
goto out;
}
while (*revoke) {
ret = hx509_revoke_add_crl(id->hx509ctx, id->revoke, *revoke);
if (ret) {
krb5_set_error_string(context,
"pkinit failed to load revoke %s",
*revoke);
goto out;
}
revoke++;
}
} else
hx509_context_set_missing_revoke(id->hx509ctx, 1);
ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx); ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx);
if (ret) if (ret)
goto out; goto out;
hx509_verify_attach_anchors(id->verify_ctx, id->anchors); hx509_verify_attach_anchors(id->verify_ctx, id->anchors);
hx509_verify_attach_revoke(id->verify_ctx, id->revoke);
out: out:
if (ret) { if (ret) {
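Review bot: The `else` branch ending in `hx509_context_set_missing_revoke(id->hx509ctx, 1);` makes the default configuration — any caller passing `revoke == NULL`, which is every existing caller of krb5_get_init_creds_opt_set_pkinit once it forwards the new parameter — tolerate certificates that carry no revocation information at all, and nothing in the hunk records that this is a deliberate downgrade; if the function does what its name suggests, it deserves at least a comment such as `/* No CRLs configured: accept certs lacking revocation info instead of failing verification. */` and arguably a log line so operators notice that revocation is effectively unchecked. On that same path `id->revoke` is never assigned before `hx509_verify_attach_revoke(id->verify_ctx, id->revoke)` and the `hx509_revoke_free(&id->revoke)` in the error path, so the code relies on `id` having been zero-allocated earlier; that allocation is outside the hunk and is worth confirming. The message `"revoke failed to init"` also drops the hx509 return code, unlike the CRL-load error that at least names the offending file, which makes a misconfiguration hard to diagnose from the krb5 error string alone. _krb5_pk_load_id's body begins and ends outside this hunk.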
@@ -1234,6 +1257,7 @@ out:
hx509_certs_free(&id->certs); hx509_certs_free(&id->certs);
hx509_certs_free(&id->anchors); hx509_certs_free(&id->anchors);
hx509_certs_free(&id->certpool); hx509_certs_free(&id->certpool);
hx509_revoke_free(&id->revoke);
hx509_context_free(&id->hx509ctx); hx509_context_free(&id->hx509ctx);
free(id); free(id);
} else } else
@@ -1541,6 +1565,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
const char *user_id, const char *user_id,
const char *x509_anchors, const char *x509_anchors,
char * const * chain, char * const * chain,
char * const * revoke,
int flags, int flags,
krb5_prompter_fct prompter, krb5_prompter_fct prompter,
void *prompter_data, void *prompter_data,
@@ -1565,14 +1590,15 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
opt->opt_private->pk_init_ctx->clientDHNonce = NULL; opt->opt_private->pk_init_ctx->clientDHNonce = NULL;
opt->opt_private->pk_init_ctx->require_binding = 0; opt->opt_private->pk_init_ctx->require_binding = 0;
ret = _krb5_pk_load_openssl_id(context, ret = _krb5_pk_load_id(context,
&opt->opt_private->pk_init_ctx->id, &opt->opt_private->pk_init_ctx->id,
user_id, user_id,
x509_anchors, x509_anchors,
chain, chain,
prompter, revoke,
prompter_data, prompter,
password); prompter_data,
password);
if (ret) { if (ret) {
free(opt->opt_private->pk_init_ctx); free(opt->opt_private->pk_init_ctx);
opt->opt_private->pk_init_ctx = NULL; opt->opt_private->pk_init_ctx = NULL;