From 887bb5f354350da15ebf7e5172a23c9fb86e1316 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 5 Jun 2007 02:23:45 +0000
Subject: [PATCH] Whine if its a non CA/proxy and doesn't have CRL DP.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20906 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/print.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/hx509/print.c b/lib/hx509/print.c
index 0d35376c8..7b724518b 100644
--- a/lib/hx509/print.c
+++ b/lib/hx509/print.c
@@ -49,6 +49,7 @@ struct cert_status {
     unsigned int haveIAN:1;
     unsigned int haveSKI:1;
     unsigned int haveAKI:1;
+    unsigned int haveCRLDP:1;
 };
 
 
@@ -424,6 +425,8 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
     }
     free_CRLDistributionPoints(&dp);
 
+    status->haveCRLDP = 1;
+
     return 0;
 }
 
@@ -793,6 +796,12 @@ hx509_validate_cert(hx509_context context,
 	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
 		       "NULL subject DN and doesn't have a SAN\n");
 
+    if (!status.isca && !status.isproxy && !status.haveCRLDP) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+		       "Not a CA nor PROXY and doesn't have"
+		       "CRL Dist Point\n");
+    }
+
     hx509_name_free(&subject);
     hx509_name_free(&issuer);