(hx509_query_match_eku): update to support the NULL eku (reset),

clearify the old behaivor with regards repetitive calls. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22539 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-01-27 13:15:07 +00:00
parent 0ff6dbc8bb
commit b5cdbe6fa5
1 changed files with 25 additions and 15 deletions
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -2610,11 +2610,12 @@ hx509_query_match_friendly_name(hx509_query *q, const char *name)
 }

 /**
- * Set the query controller to require an specific EKU (extended key
- * usage).
+ * Set the query controller to require an one specific EKU (extended
+ * key usage). Any previous EKU matching is overwitten. If NULL is
+ * passed in as the eku, the EKU requirement is reset.
 *
 * @param q a hx509 query controller.
- * @param eku an EKU to match on
+ * @param eku an EKU to match on.
 *
 * @return An hx509 error code, see hx509_get_error_string().
 *
@@ -2626,20 +2627,29 @@ hx509_query_match_eku(hx509_query *q, const heim_oid *eku)
 {
    int ret;

-    if (q->eku) {
-	der_free_oid(q->eku);
+    if (eku == NULL) {
+	if (q->eku) {
+	    der_free_oid(q->eku);
+	    free(q->eku);
+	    q->eku = NULL;
+	}
+	q->match &= ~HX509_QUERY_MATCH_EKU;
    } else {
-	q->eku = calloc(1, sizeof(*q->eku));
-	if (q->eku == NULL)
-	    return ENOMEM;
+	if (q->eku) {
+	    der_free_oid(q->eku);
+	} else {
+	    q->eku = calloc(1, sizeof(*q->eku));
+	    if (q->eku == NULL)
+		return ENOMEM;
+	}
+	ret = der_copy_oid(eku, q->eku);
+	if (ret) {
+	    free(q->eku);
+	    q->eku = NULL;
+	    return ret;
+	}
+	q->match |= HX509_QUERY_MATCH_EKU;
    }
-    ret = der_copy_oid(eku, q->eku);
-    if (ret) {
-	free(q->eku);
-	q->eku = NULL;
-	return ret;
-    }
-    q->match |= HX509_QUERY_MATCH_EKU;
    return 0;
 }