Locally export _hx509_find_extension_subject_key_id.
Handle AuthorityKeyIdentifier where only authorityCertIssuer and authorityCertSerialNumber are set. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19587 ec53bebd-3082-4978-b11e-865c3cabbd6b
		| @@ -382,8 +382,8 @@ find_extension_auth_key_id(const Certificate *subject, | |||||||
| 					 ai, &size); | 					 ai, &size); | ||||||
| } | } | ||||||
|  |  | ||||||
| static int | int | ||||||
| find_extension_subject_key_id(const Certificate *issuer, | _hx509_find_extension_subject_key_id(const Certificate *issuer, | ||||||
| 				     SubjectKeyIdentifier *si) | 				     SubjectKeyIdentifier *si) | ||||||
| { | { | ||||||
|     const Extension *e; |     const Extension *e; | ||||||
| @@ -657,7 +657,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, | |||||||
|     ret_ai = find_extension_auth_key_id(subject, &ai); |     ret_ai = find_extension_auth_key_id(subject, &ai); | ||||||
|     if (ret_ai && ret_ai != HX509_EXTENSION_NOT_FOUND) |     if (ret_ai && ret_ai != HX509_EXTENSION_NOT_FOUND) | ||||||
| 	return 1; | 	return 1; | ||||||
|     ret_si = find_extension_subject_key_id(issuer, &si); |     ret_si = _hx509_find_extension_subject_key_id(issuer, &si); | ||||||
|     if (ret_si && ret_si != HX509_EXTENSION_NOT_FOUND) |     if (ret_si && ret_si != HX509_EXTENSION_NOT_FOUND) | ||||||
| 	return -1; | 	return -1; | ||||||
|  |  | ||||||
| @@ -666,16 +666,43 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, | |||||||
|     if (ret_ai) |     if (ret_ai) | ||||||
| 	goto out; | 	goto out; | ||||||
|     if (ret_si) { |     if (ret_si) { | ||||||
| 	if (allow_self_signed) | 	if (allow_self_signed) { | ||||||
| 	    diff = 0; | 	    diff = 0; | ||||||
| 	else | 	    goto out; | ||||||
|  | 	} else if (ai.keyIdentifier) { | ||||||
| 	    diff = -1; | 	    diff = -1; | ||||||
| 	    goto out; | 	    goto out; | ||||||
| 	} | 	} | ||||||
|  |     } | ||||||
|      |      | ||||||
|     if (ai.keyIdentifier == NULL) /* XXX */ |     if (ai.keyIdentifier == NULL) { | ||||||
| 	diff = -1;  | 	Name name; | ||||||
|     else |  | ||||||
|  | 	if (ai.authorityCertIssuer == NULL) | ||||||
|  | 	    return -1; | ||||||
|  | 	if (ai.authorityCertSerialNumber == NULL) | ||||||
|  | 	    return -1; | ||||||
|  |  | ||||||
|  | 	diff = der_heim_integer_cmp(ai.authorityCertSerialNumber,  | ||||||
|  | 				    &issuer->tbsCertificate.serialNumber); | ||||||
|  | 	if (diff) | ||||||
|  | 	    return diff; | ||||||
|  | 	if (ai.authorityCertIssuer->len != 1) | ||||||
|  | 	    return -1; | ||||||
|  | 	if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName) | ||||||
|  | 	    return -1; | ||||||
|  | 	 | ||||||
|  | 	name.element =  | ||||||
|  | 	    ai.authorityCertIssuer->val[0].u.directoryName.element; | ||||||
|  | 	name.u.rdnSequence =  | ||||||
|  | 	    ai.authorityCertIssuer->val[0].u.directoryName.u.rdnSequence; | ||||||
|  |  | ||||||
|  | 	diff = _hx509_name_cmp(&issuer->tbsCertificate.subject,  | ||||||
|  | 			       &name); | ||||||
|  | 	if (diff) | ||||||
|  | 	    return diff; | ||||||
|  | 	diff = 0; | ||||||
|  |     } else | ||||||
| 	diff = der_heim_octet_string_cmp(ai.keyIdentifier, &si); | 	diff = der_heim_octet_string_cmp(ai.keyIdentifier, &si); | ||||||
|     if (diff) |     if (diff) | ||||||
| 	goto out; | 	goto out; | ||||||
| @@ -2019,7 +2046,7 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert | |||||||
| 	SubjectKeyIdentifier si; | 	SubjectKeyIdentifier si; | ||||||
| 	int ret; | 	int ret; | ||||||
|  |  | ||||||
| 	ret = find_extension_subject_key_id(c, &si); | 	ret = _hx509_find_extension_subject_key_id(c, &si); | ||||||
| 	if (ret == 0) { | 	if (ret == 0) { | ||||||
| 	    if (der_heim_octet_string_cmp(&si, q->subject_id) != 0) | 	    if (der_heim_octet_string_cmp(&si, q->subject_id) != 0) | ||||||
| 		ret = 1; | 		ret = 1; | ||||||
|   | |||||||
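Review bot: The new `return -1;` and `return diff;` statements inside the `if (ai.keyIdentifier == NULL)` branch leave the function directly, while every other exit in this hunk goes through `goto out`. By that point `ai` has decoded successfully (`ret_ai` is 0) and `si` may have too, so if the `out` label frees them (it lies outside the hunk, so this is inferred) each mismatching certificate whose AuthorityKeyIdentifier carries only issuer and serial leaks the decoded structures, which matters because this comparison can run on certificates supplied by untrusted peers. I would set `diff` and jump instead, e.g. `if (ai.authorityCertIssuer == NULL) { diff = -1; goto out; }` at the `return -1;` sites and `goto out;` at the `return diff;` sites. The trailing `diff = 0;` after `if (diff) return diff;` is redundant and can be dropped. `_hx509_cert_is_parent_cmp` begins and ends outside the hunk.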
	 Love Hörnquist Åstrand
					Love Hörnquist Åstrand