Add glue for adding CRL dps.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20731 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -52,9 +52,7 @@ struct hx509_ca_tbs {
|
||||
time_t notBefore;
|
||||
time_t notAfter;
|
||||
int pathLenConstraint; /* both for CA and Proxy */
|
||||
#ifdef HAVE_CRLDistributionPoints
|
||||
CRLDistributionPoints crldp;
|
||||
#endif
|
||||
};
|
||||
|
||||
int
|
||||
@@ -70,10 +68,8 @@ hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs)
|
||||
(*tbs)->eku.len = 0;
|
||||
(*tbs)->eku.val = NULL;
|
||||
(*tbs)->pathLenConstraint = 0;
|
||||
#ifdef HAVE_CRLDistributionPoints
|
||||
(*tbs)->crldp.len = 0;
|
||||
(*tbs)->crldp.val = NULL;
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -88,9 +84,7 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs)
|
||||
free_GeneralNames(&(*tbs)->san);
|
||||
free_ExtKeyUsage(&(*tbs)->eku);
|
||||
der_free_heim_integer(&(*tbs)->serial);
|
||||
#ifdef HAVE_CRLDistributionPoints
|
||||
free_CRLDistributionPoints(&(*tbs)->crldp);
|
||||
#endif
|
||||
|
||||
hx509_name_free(&(*tbs)->subject);
|
||||
|
||||
@@ -297,32 +291,46 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
|
||||
const char *uri,
|
||||
hx509_name issuername)
|
||||
{
|
||||
#ifdef HAVE_CRLDistributionPoints
|
||||
GeneralNames crlissuer;
|
||||
DistributionPoint dp;
|
||||
DistributionPointName name;
|
||||
int ret;
|
||||
|
||||
memset(&dp, 0, sizeof(dp));
|
||||
memset(&name, 0, sizeof(name));
|
||||
memset(&crlissuer, 0, sizeof(crlissuer));
|
||||
|
||||
dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint));
|
||||
|
||||
{
|
||||
DistributionPointName name;
|
||||
GeneralName gn;
|
||||
size_t size;
|
||||
|
||||
name.element = choice_DistributionPointName_fullName;
|
||||
name.u.fullName.len = 1;
|
||||
name.u.fullName.val = &gn;
|
||||
|
||||
gn.element = choice_GeneralName_uniformResourceIdentifier;
|
||||
gn.u.uniformResourceIdentifier = rk_UNCONST(uri);
|
||||
|
||||
name.element = choice_DistributionPointName_fullName;
|
||||
ret = add_GeneralNames(&name.u.fullName, &gn);
|
||||
ASN1_MALLOC_ENCODE(DistributionPointName,
|
||||
dp.distributionPoint->data,
|
||||
dp.distributionPoint->length,
|
||||
&name, &size, ret);
|
||||
if (ret) {
|
||||
hx509_set_error_string(context, 0, ret, "out of memory");
|
||||
hx509_set_error_string(context, 0, ret,
|
||||
"Failed to encoded DistributionPointName");
|
||||
goto out;
|
||||
}
|
||||
if (dp.distributionPoint->length != size)
|
||||
_hx509_abort("internal ASN.1 encoder error");
|
||||
}
|
||||
dp.distributionPoint = &name;
|
||||
|
||||
if (issuername) {
|
||||
#if 1
|
||||
hx509_set_error_string(context, 0, EINVAL,
|
||||
"CRLDistributionPoints.name.issuername not yet supported");
|
||||
return EINVAL;
|
||||
#else
|
||||
GeneralName gn;
|
||||
Name n;
|
||||
|
||||
@@ -344,6 +352,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
|
||||
}
|
||||
|
||||
dp.cRLIssuer = &crlissuer;
|
||||
#endif
|
||||
}
|
||||
|
||||
ret = add_CRLDistributionPoints(&tbs->crldp, &dp);
|
||||
@@ -354,14 +363,8 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
|
||||
|
||||
out:
|
||||
free_GeneralNames(&crlissuer);
|
||||
free_DistributionPointName(&name);
|
||||
|
||||
return ret;
|
||||
#else
|
||||
hx509_set_error_string(context, 0, EINVAL,
|
||||
"CRLDistributionPoints not yet supported");
|
||||
return EINVAL;
|
||||
#endif /* HAVE_CRLDistributionPoints */
|
||||
}
|
||||
|
||||
int
|
||||
@@ -1000,7 +1003,6 @@ ca_sign(hx509_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CRLDistributionPoints
|
||||
if (tbs->crldp.len) {
|
||||
|
||||
ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length,
|
||||
@@ -1018,7 +1020,6 @@ ca_sign(hx509_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
#endif
|
||||
|
||||
ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret);
|
||||
if (ret) {
|
||||
|
Reference in New Issue
Block a user