Commit 175b0942 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

More extension code. Incomplete support for subject and issuer alt

name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
parent c45beb91
+7 −0
@@ -5,6 +5,13 @@

 Changes between 0.9.1c and 0.9.2

  *) More extension code. Incomplete support for subject and issuer alt
     name, issuer and authority key id. Change the i2v function parameters
     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
     what that's for :-) Fix to ASN1 macro which messed up
     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
     [Steve Henson]

  *) Preliminary support for ENUMERATED type. This is largely copied from the
     INTEGER code.
     [Steve Henson]
+9 −3
@@ -690,9 +690,8 @@ bad:

		extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
		if(extensions) {

			/* Check syntax of file */
			if(!X509V3_EXT_add_conf(conf, NULL, extensions, NULL)) {
			if(!X509V3_EXT_check_conf(conf, extensions)) {
				BIO_printf(bio_err,
				 "Error Loading extension section %s\n",
								 extensions);
@@ -1669,6 +1668,7 @@ again2:
	/* Lets add the extensions, if there are any */
	if (ext_sect)
		{
		X509V3_CTX ctx;
		if (ci->version == NULL)
			if ((ci->version=ASN1_INTEGER_new()) == NULL)
				goto err;
@@ -1681,7 +1681,13 @@ again2:

		ci->extensions = NULL;

		if(!X509V3_EXT_add_conf(conf, NULL, ext_sect, ret)) goto err;
		ctx.subject_cert = ret;
		ctx.issuer_cert = x509;
		ctx.subject_req = req;
		ctx.crl = NULL;
		ctx.flags = 0;

		if(!X509V3_EXT_add_conf(conf, &ctx, ext_sect, ret)) goto err;

		}
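Review bot: `X509V3_CTX ctx;` is declared on the stack without an initialiser and then filled member by member (`subject_cert`, `issuer_cert`, `subject_req`, `crl`, `flags`) just before `X509V3_EXT_add_conf(conf, &ctx, ext_sect, ret)`, so any member not named here would reach the extension handlers as indeterminate stack data. The structure definition is not on this page, so whether it has further members cannot be confirmed, but the commit itself adds `crl` to the structure, which is exactly the kind of change a per-caller field list can silently miss. Zeroing the structure before the assignments, `memset(&ctx, 0, sizeof(ctx));`, keeps each caller safe when the structure grows. The same applies to `ext_ctx` in the later `@@ -657,6 +657,8 @@` hunk. The enclosing function starts and ends outside these hunks.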

+5 −0
@@ -127,6 +127,7 @@ basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

nsComment			= "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash

#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
#nsBaseUrl
@@ -142,6 +143,10 @@ nsComment = "OpenSSL Generated Certificate"
# It's a CA certificate
basicConstraints = CA:true

# PKIX recommendation.

subjectKeyIdentifier=hash

# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
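Review bot: The new `# PKIX recommendation.` comment sits just above the existing `# This is what PKIX recommends but some broken software chokes on critical extensions.` comment, which refers to the commented-out critical `basicConstraints` line, so it is easy to misread which setting each remark covers. Naming the option in the new comment would remove the ambiguity, for example `# PKIX recommendation: include a subject key identifier.`. The `subjectKeyIdentifier=hash` line added after `nsComment` in the first hunk has no comment at all and could carry the same one.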
+2 −0
@@ -657,6 +657,8 @@ loop:
			ext_ctx.issuer_cert = x509ss;
			ext_ctx.subject_cert = x509ss;
			ext_ctx.subject_req = NULL;
			ext_ctx.crl = NULL;
			ext_ctx.flags = 0;

			/* Add extensions */
			if(extensions && !X509V3_EXT_add_conf(req_conf, 
+2 −2
@@ -34,7 +34,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
	a_hdr.c x_pkey.c a_bool.c x_exten.c \
	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
	asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
	evp_asn1.c
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
@@ -49,7 +49,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
	a_hdr.o x_pkey.o a_bool.o x_exten.o \
	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
	asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
	evp_asn1.o
