Add glue for adding CRL dps.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20731 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/hx509/ca.c

@@ -52,9 +52,7 @@ struct hx509_ca_tbs {
     time_t notBefore;
     time_t notAfter;
     int pathLenConstraint; /* both for CA and Proxy */
-#ifdef HAVE_CRLDistributionPoints
     CRLDistributionPoints crldp;
-#endif
 };
 
 int
@@ -70,10 +68,8 @@ hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs)
     (*tbs)->eku.len = 0;
     (*tbs)->eku.val = NULL;
     (*tbs)->pathLenConstraint = 0;
-#ifdef HAVE_CRLDistributionPoints
     (*tbs)->crldp.len = 0;
     (*tbs)->crldp.val = NULL;
-#endif
 
     return 0;
 }
@@ -88,9 +84,7 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs)
     free_GeneralNames(&(*tbs)->san);
     free_ExtKeyUsage(&(*tbs)->eku);
     der_free_heim_integer(&(*tbs)->serial);
-#ifdef HAVE_CRLDistributionPoints
     free_CRLDistributionPoints(&(*tbs)->crldp);
-#endif
 
     hx509_name_free(&(*tbs)->subject);
 
@@ -297,32 +291,46 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
 			    const char *uri,
 			    hx509_name issuername)
 {
-#ifdef HAVE_CRLDistributionPoints
     GeneralNames crlissuer;
     DistributionPoint dp;
-    DistributionPointName name;
     int ret;
 
     memset(&dp, 0, sizeof(dp));
-    memset(&name, 0, sizeof(name));
     memset(&crlissuer, 0, sizeof(crlissuer));
+    
+    dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint));
 
     {
+	DistributionPointName name;
 	GeneralName gn;
+	size_t size;
+
+	name.element = choice_DistributionPointName_fullName;
+	name.u.fullName.len = 1;
+	name.u.fullName.val = &gn;
 
 	gn.element = choice_GeneralName_uniformResourceIdentifier;
 	gn.u.uniformResourceIdentifier = rk_UNCONST(uri);
 
-	name.element = choice_DistributionPointName_fullName;
-	ret = add_GeneralNames(&name.u.fullName, &gn);
+	ASN1_MALLOC_ENCODE(DistributionPointName, 
+			   dp.distributionPoint->data, 
+			   dp.distributionPoint->length,
+			   &name, &size, ret);
 	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "out of memory");
+	    hx509_set_error_string(context, 0, ret,
+				   "Failed to encoded DistributionPointName");
 	    goto out;
 	}
+	if (dp.distributionPoint->length != size)
+	    _hx509_abort("internal ASN.1 encoder error");
     }
-    dp.distributionPoint = &name;
 
     if (issuername) {
+#if 1
+	hx509_set_error_string(context, 0, EINVAL,
+			       "CRLDistributionPoints.name.issuername not yet supported");
+	return EINVAL;
+#else 
 	GeneralName gn;
 	Name n;
 
@@ -344,6 +352,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
 	}
 
 	dp.cRLIssuer = &crlissuer;
+#endif
     }
 
     ret = add_CRLDistributionPoints(&tbs->crldp, &dp);
@@ -354,14 +363,8 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
 
 out:
     free_GeneralNames(&crlissuer);
-    free_DistributionPointName(&name);
 
     return ret;
-#else 
-    hx509_set_error_string(context, 0, EINVAL,
-			   "CRLDistributionPoints not yet supported");
-    return EINVAL;
-#endif /* HAVE_CRLDistributionPoints */
 }
 
 int
@@ -1000,7 +1003,6 @@ ca_sign(hx509_context context,
 	    goto out;
     }
 
-#ifdef HAVE_CRLDistributionPoints
     if (tbs->crldp.len) {
 
 	ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length,
@@ -1018,7 +1020,6 @@ ca_sign(hx509_context context,
 	if (ret)
 	    goto out;
     }
-#endif
 
     ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret);
     if (ret) {