oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

match rfc822 contrains better, provide better error strings.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21899 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-08-09 14:05:47 +00:00
parent bf07743343
commit e12f8a96f8
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/hx509/cert.c
View File

@@ -1231,7 +1231,6 @@ add_name_constraints(hx509_context context, const Certificate *c, int not_ca,
"have NameConstraints"); "have NameConstraints");
} else { } else {
NameConstraints *val; NameConstraints *val;
printf("adding nc\n");
val = realloc(nc->val, sizeof(nc->val[0]) * (nc->len + 1)); val = realloc(nc->val, sizeof(nc->val[0]) * (nc->len + 1));
if (val == NULL) { if (val == NULL) {
hx509_clear_error_string(context); hx509_clear_error_string(context);
@@ -1324,7 +1323,7 @@ match_general_name(const GeneralName *c, const GeneralName *n, int *match)
return HX509_NAME_CONSTRAINT_ERROR; return HX509_NAME_CONSTRAINT_ERROR;
if (strcasecmp(s + 1 + len2 - len1, c->u.rfc822Name) != 0) if (strcasecmp(s + 1 + len2 - len1, c->u.rfc822Name) != 0)
return HX509_NAME_CONSTRAINT_ERROR; return HX509_NAME_CONSTRAINT_ERROR;
if (len1 < len2 && s[len2 - len1] != '.') if (len1 < len2 && s[len2 - len1 + 1] != '.')
return HX509_NAME_CONSTRAINT_ERROR; return HX509_NAME_CONSTRAINT_ERROR;
} }
*match = 1; *match = 1;
@@ -1395,7 +1394,6 @@ match_alt_name(const GeneralName *n, const Certificate *c,
} }
free_GeneralNames(&sa); free_GeneralNames(&sa);
} while (1); } while (1);
return ret; return ret;
} }
@@ -1465,7 +1463,10 @@ check_name_constraints(hx509_context context,
} }
/* allow null subjectNames, they wont matches anything */ /* allow null subjectNames, they wont matches anything */
if (match == 0 && !subject_null_p(c)) { if (match == 0 && !subject_null_p(c)) {
hx509_clear_error_string(context); hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
"Error verify constraints, "
"certificate didn't match any "
"permitted subtree");
return HX509_VERIFY_CONSTRAINTS; return HX509_VERIFY_CONSTRAINTS;
} }
} }
@@ -1477,7 +1478,10 @@ check_name_constraints(hx509_context context,
return ret; return ret;
} }
if (match) { if (match) {
hx509_clear_error_string(context); hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
"Error verify constraints, "
"certificate included in excluded "
"subtree");
return HX509_VERIFY_CONSTRAINTS; return HX509_VERIFY_CONSTRAINTS;
} }
} }