Pick out certs in chain.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16876 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2006-03-31 02:45:00 +00:00
parent 93e4629277
commit 4d9b604abe


@@ -46,6 +46,7 @@ struct revoke_ocsp {
time_t last_modfied; time_t last_modfied;
OCSPBasicOCSPResponse ocsp; OCSPBasicOCSPResponse ocsp;
int verified; int verified;
hx509_certs certs;
}; };
@@ -87,6 +88,7 @@ hx509_revoke_free(hx509_revoke_ctx *revoke)
for (i = 0; i < (*revoke)->ocsps.len; i++) { for (i = 0; i < (*revoke)->ocsps.len; i++) {
free((*revoke)->ocsps.val[i].path); free((*revoke)->ocsps.val[i].path);
free_OCSPBasicOCSPResponse(&(*revoke)->ocsps.val[i].ocsp); free_OCSPBasicOCSPResponse(&(*revoke)->ocsps.val[i].ocsp);
hx509_certs_free(&(*revoke)->ocsps.val[i].certs);
} }
free((*revoke)->crls.val); free((*revoke)->crls.val);
@@ -97,7 +99,7 @@ hx509_revoke_free(hx509_revoke_ctx *revoke)
static int static int
verify_ocsp(hx509_context context, verify_ocsp(hx509_context context,
OCSPBasicOCSPResponse *ocsp, struct revoke_ocsp *ocsp,
time_t time_now, time_t time_now,
hx509_certs certs) hx509_certs certs)
{ {
@@ -108,27 +110,29 @@ verify_ocsp(hx509_context context,
_hx509_query_clear(&q); _hx509_query_clear(&q);
switch(ocsp->tbsResponseData.responderID.element) { switch(ocsp->ocsp.tbsResponseData.responderID.element) {
case choice_OCSPResponderID_byName: case choice_OCSPResponderID_byName:
q.match = HX509_QUERY_MATCH_SUBJECT_NAME; q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
q.subject_name = &ocsp->tbsResponseData.responderID.u.byName; q.subject_name = &ocsp->ocsp.tbsResponseData.responderID.u.byName;
break; break;
case choice_OCSPResponderID_byKey: case choice_OCSPResponderID_byKey:
ret = EINVAL; ret = EINVAL; /* XXX */
goto out; goto out;
} }
os.data = ocsp->signature.data; os.data = ocsp->ocsp.signature.data;
os.length = ocsp->signature.length / 8; os.length = ocsp->ocsp.signature.length / 8;
ret = hx509_certs_find(context, certs, &q, &signer); ret = hx509_certs_find(context, certs, &q, &signer);
if (ret)
ret = hx509_certs_find(context, ocsp->ocsp.certs, &q, &signer);
if (ret) if (ret)
goto out; goto out;
ret = hx509_verify_signature(context, ret = hx509_verify_signature(context,
signer, signer,
&ocsp->signatureAlgorithm, &ocsp->ocsp.signatureAlgorithm,
&ocsp->tbsResponseData._save, &ocsp->ocsp.tbsResponseData._save,
&os); &os);
if (ret) if (ret)
goto out; goto out;
@@ -386,11 +390,34 @@ hx509_revoke_verify(hx509_context context,
ocsp->ocsp = o; ocsp->ocsp = o;
ocsp->verified = 0; ocsp->verified = 0;
} }
if (ocsp->ocsp.certs) {
int j;
hx509_certs_free(&ocsp->certs);
ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
NULL, &ocsp->certs);
if (ret == 0) {
for (j = 0; j < ocsp->ocsp.certs->len; j++) {
hx509_cert c;
ret = hx509_cert_init(context, &ocsp->ocsp.certs->val[j], &c);
if (ret)
continue;
ret = hx509_certs_add(context, ocsp->certs, c);
if (ret)
continue;
} }
}
}
}
/* verify signature in ocsp if not already done */ /* verify signature in ocsp if not already done */
if (ocsp->verified == 0) { if (ocsp->verified == 0) {
ret = verify_ocsp(context, &ocsp->ocsp, now, certs); ret = verify_ocsp(context, ocsp, now, certs);
if (ret) if (ret)
continue; continue;
ocsp->verified = 1; ocsp->verified = 1;