Add glue for adding CRL dps.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20731 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-05-31 15:32:30 +00:00
parent 93c3659a8c
commit 26d6112116

View File

@@ -52,9 +52,7 @@ struct hx509_ca_tbs {
time_t notBefore;
time_t notAfter;
int pathLenConstraint; /* both for CA and Proxy */
#ifdef HAVE_CRLDistributionPoints
CRLDistributionPoints crldp;
#endif
};
int
@@ -70,10 +68,8 @@ hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs)
(*tbs)->eku.len = 0;
(*tbs)->eku.val = NULL;
(*tbs)->pathLenConstraint = 0;
#ifdef HAVE_CRLDistributionPoints
(*tbs)->crldp.len = 0;
(*tbs)->crldp.val = NULL;
#endif
return 0;
}
@@ -88,9 +84,7 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs)
free_GeneralNames(&(*tbs)->san);
free_ExtKeyUsage(&(*tbs)->eku);
der_free_heim_integer(&(*tbs)->serial);
#ifdef HAVE_CRLDistributionPoints
free_CRLDistributionPoints(&(*tbs)->crldp);
#endif
hx509_name_free(&(*tbs)->subject);
@@ -297,32 +291,46 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
const char *uri,
hx509_name issuername)
{
#ifdef HAVE_CRLDistributionPoints
GeneralNames crlissuer;
DistributionPoint dp;
DistributionPointName name;
int ret;
memset(&dp, 0, sizeof(dp));
memset(&name, 0, sizeof(name));
memset(&crlissuer, 0, sizeof(crlissuer));
dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint));
{
DistributionPointName name;
GeneralName gn;
size_t size;
name.element = choice_DistributionPointName_fullName;
name.u.fullName.len = 1;
name.u.fullName.val = &gn;
gn.element = choice_GeneralName_uniformResourceIdentifier;
gn.u.uniformResourceIdentifier = rk_UNCONST(uri);
name.element = choice_DistributionPointName_fullName;
ret = add_GeneralNames(&name.u.fullName, &gn);
ASN1_MALLOC_ENCODE(DistributionPointName,
dp.distributionPoint->data,
dp.distributionPoint->length,
&name, &size, ret);
if (ret) {
hx509_set_error_string(context, 0, ret, "out of memory");
hx509_set_error_string(context, 0, ret,
"Failed to encoded DistributionPointName");
goto out;
}
if (dp.distributionPoint->length != size)
_hx509_abort("internal ASN.1 encoder error");
}
dp.distributionPoint = &name;
if (issuername) {
#if 1
hx509_set_error_string(context, 0, EINVAL,
"CRLDistributionPoints.name.issuername not yet supported");
return EINVAL;
#else
GeneralName gn;
Name n;
@@ -344,6 +352,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
}
dp.cRLIssuer = &crlissuer;
#endif
}
ret = add_CRLDistributionPoints(&tbs->crldp, &dp);
@@ -354,14 +363,8 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
out:
free_GeneralNames(&crlissuer);
free_DistributionPointName(&name);
return ret;
#else
hx509_set_error_string(context, 0, EINVAL,
"CRLDistributionPoints not yet supported");
return EINVAL;
#endif /* HAVE_CRLDistributionPoints */
}
int
@@ -1000,7 +1003,6 @@ ca_sign(hx509_context context,
goto out;
}
#ifdef HAVE_CRLDistributionPoints
if (tbs->crldp.len) {
ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length,
@@ -1018,7 +1020,6 @@ ca_sign(hx509_context context,
if (ret)
goto out;
}
#endif
ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret);
if (ret) {