From 26d6112116a502187c45dc699e79ad8a0249859f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Thu, 31 May 2007 15:32:30 +0000 Subject: [PATCH] Add glue for adding CRL dps. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20731 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/hx509/ca.c | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c index 31b6bdcd5..f660aea3c 100644 --- a/lib/hx509/ca.c +++ b/lib/hx509/ca.c @@ -52,9 +52,7 @@ struct hx509_ca_tbs { time_t notBefore; time_t notAfter; int pathLenConstraint; /* both for CA and Proxy */ -#ifdef HAVE_CRLDistributionPoints CRLDistributionPoints crldp; -#endif }; int @@ -70,10 +68,8 @@ hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs) (*tbs)->eku.len = 0; (*tbs)->eku.val = NULL; (*tbs)->pathLenConstraint = 0; -#ifdef HAVE_CRLDistributionPoints (*tbs)->crldp.len = 0; (*tbs)->crldp.val = NULL; -#endif return 0; } @@ -88,9 +84,7 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs) free_GeneralNames(&(*tbs)->san); free_ExtKeyUsage(&(*tbs)->eku); der_free_heim_integer(&(*tbs)->serial); -#ifdef HAVE_CRLDistributionPoints free_CRLDistributionPoints(&(*tbs)->crldp); -#endif hx509_name_free(&(*tbs)->subject); @@ -297,32 +291,46 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context, const char *uri, hx509_name issuername) { -#ifdef HAVE_CRLDistributionPoints GeneralNames crlissuer; DistributionPoint dp; - DistributionPointName name; int ret; memset(&dp, 0, sizeof(dp)); - memset(&name, 0, sizeof(name)); memset(&crlissuer, 0, sizeof(crlissuer)); + + dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint)); { + DistributionPointName name; GeneralName gn; + size_t size; + + name.element = choice_DistributionPointName_fullName; + name.u.fullName.len = 1; + name.u.fullName.val = &gn; gn.element = choice_GeneralName_uniformResourceIdentifier; gn.u.uniformResourceIdentifier = rk_UNCONST(uri); - name.element = choice_DistributionPointName_fullName; - ret = add_GeneralNames(&name.u.fullName, &gn); + ASN1_MALLOC_ENCODE(DistributionPointName, + dp.distributionPoint->data, + dp.distributionPoint->length, + &name, &size, ret); if (ret) { - hx509_set_error_string(context, 0, ret, "out of memory"); + hx509_set_error_string(context, 0, ret, + "Failed to encoded DistributionPointName"); goto out; } + if (dp.distributionPoint->length != size) + _hx509_abort("internal ASN.1 encoder error"); } - dp.distributionPoint = &name; if (issuername) { +#if 1 + hx509_set_error_string(context, 0, EINVAL, + "CRLDistributionPoints.name.issuername not yet supported"); + return EINVAL; +#else GeneralName gn; Name n; @@ -344,6 +352,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context, } dp.cRLIssuer = &crlissuer; +#endif } ret = add_CRLDistributionPoints(&tbs->crldp, &dp); @@ -354,14 +363,8 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context, out: free_GeneralNames(&crlissuer); - free_DistributionPointName(&name); return ret; -#else - hx509_set_error_string(context, 0, EINVAL, - "CRLDistributionPoints not yet supported"); - return EINVAL; -#endif /* HAVE_CRLDistributionPoints */ } int @@ -1000,7 +1003,6 @@ ca_sign(hx509_context context, goto out; } -#ifdef HAVE_CRLDistributionPoints if (tbs->crldp.len) { ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length, @@ -1018,7 +1020,6 @@ ca_sign(hx509_context context, if (ret) goto out; } -#endif ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret); if (ret) {