oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(_hx509_calculate_path): allow to calculate optimistic path when we

Browse Source 
don't know the trust anchors, just follow the chain upward until we no
longer find a parent or we hit the max limit.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19096 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-11-23 18:11:22 +00:00
parent b10833408a
commit 1a89ccbde3
1 changed files with 17 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
lib/hx509/cert.c
View File

@@ -765,20 +765,13 @@ find_parent(hx509_context context,
}
}
#if 0
/*
* Assume trust anchors isn't proxy certificates, require
* KeyUsage.KeyCertSign
*/
q.match |= HX509_QUERY_KU_KEYCERTSIGN;
#endif
if (trust_anchors) {
ret = hx509_certs_find(context, trust_anchors, &q, parent);
if (ret == 0) {
free_AuthorityKeyIdentifier(&ai);
return ret;
}
}
free_AuthorityKeyIdentifier(&ai);
{
@@ -881,8 +874,13 @@ _hx509_path_free(hx509_path *path)
/*
* Find path by looking up issuer for the top certificate and continue
* until an anchor certificate is found. A certificate never included
* twice in the path.
* until an anchor certificate is found or max limit is found. A
* certificate never included twice in the path.
*
* If the trust anchors are not given, calculate optimistic path, just
* follow the chain upward until we no longer find a parent or we hit
* the max path limit. In this case, a failure will always be returned
* depending on what error condition is hit first.
*
* The path includes a path from the top certificate to the anchor
* certificate.
@@ -893,7 +891,7 @@ _hx509_path_free(hx509_path *path)
int
_hx509_calculate_path(hx509_context context,
hx509_certs trust_anchors,
hx509_certs anchors,
unsigned int max_depth,
hx509_cert cert,
hx509_certs pool,
@@ -911,9 +909,9 @@ _hx509_calculate_path(hx509_context context,
current = hx509_cert_ref(cert);
while (!certificate_is_anchor(context, trust_anchors, current)) {
while (anchors == NULL || !certificate_is_anchor(context, anchors, current)) {
ret = find_parent(context, trust_anchors, path, pool, current, &parent);
ret = find_parent(context, anchors, path, pool, current, &parent);
hx509_cert_free(current);
if (ret)
return ret;
@@ -1690,6 +1688,7 @@ hx509_verify_signature(hx509_context context,
const heim_octet_string *data,
const heim_octet_string *sig)
{
hx509_clear_error_string(context);
return _hx509_verify_signature(signer->data, alg, data, sig);
}