Commit 87c49f62 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Support for parsing of certificate extensions in PKCS#10 requests: these are

used by things like Xenroll. Also include documentation for extendedKeyUsage
extension.
parent 29159a42
+6 −0
@@ -4,6 +4,12 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

  *) Initial support for certificate extension requests, these are included
     in things like Xenroll certificate requests. They will later be used to
     allow PKCS#10 requests to include a list of "requested extensions" which
     can be added.
     [Steve Henson]

  *) -crlf option to s_client and s_server for sending newlines as
     CRLF (as required by many protocols).
     [Bodo Moeller]
+2 −2

  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 1999/08/09 11:14:06 $
  ______________                           $Date: 1999/08/09 22:37:59 $

  DEVELOPMENT STATE

@@ -15,7 +15,6 @@

  AVAILABLE PATCHES

    o OCSP (titchenert@certco.com) 
    o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)

  IN PROGRESS
@@ -24,6 +23,7 @@
        Proper (or at least usable) certificate chain verification.
	Private key, certificate and CRL API and implementation.
	Checking and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.

    o Mark is currently working on:
        Folding in any changes that are in the C2Net code base that were
+27 −0
@@ -62,6 +62,7 @@
#include <openssl/bn.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

#ifndef NO_FP_API
int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
@@ -90,6 +91,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
	X509_REQ_INFO *ri;
	EVP_PKEY *pkey;
	STACK_OF(X509_ATTRIBUTE) *sk;
	STACK_OF(X509_EXTENSION) *exts;
	char str[128];

	ri=x->req_info;
@@ -161,6 +163,8 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
			int j,type=0,count=1,ii=0;

			a=sk_X509_ATTRIBUTE_value(sk,i);
			if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
								continue;
			sprintf(str,"%12s","");
			if (BIO_puts(bp,str) <= 0) goto err;
			if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
@@ -201,6 +205,29 @@ get_next:
			}
		}

	exts = X509_REQ_get_extensions(x);
	if(exts) {
		BIO_printf(bp,"%8sRequested Extensions:\n","");
		for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
			ASN1_OBJECT *obj;
			X509_EXTENSION *ex;
			int j;
			ex=sk_X509_EXTENSION_value(exts, i);
			if (BIO_printf(bp,"%12s","") <= 0) goto err;
			obj=X509_EXTENSION_get_object(ex);
			i2a_ASN1_OBJECT(bp,obj);
			j=X509_EXTENSION_get_critical(ex);
			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
				goto err;
			if(!X509V3_EXT_print(bp, ex, 0, 16)) {
				BIO_printf(bp, "%16s", "");
				ASN1_OCTET_STRING_print(bp,ex->value);
			}
			if (BIO_write(bp,"\n",1) <= 0) goto err;
		}
		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
	}

	i=OBJ_obj2nid(x->sig_alg->algorithm);
	sprintf(str,"%4sSignature Algorithm: %s","",
		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
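Review bot: Every `goto err` inside the new "Requested Extensions" loop (after the indent `BIO_printf`, after the `critical` line and after the trailing `BIO_write`) jumps past `sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free)`, so a failed write to `bp` appears to leak the stack returned by `X509_REQ_get_extensions(x)`; the `err:` label lies outside the visible hunks, so confirm it does not already release it. One way to close this is to declare `STACK_OF(X509_EXTENSION) *exts=NULL;`, free it in the error path with `if(exts) sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);`, and set `exts=NULL;` right after the success-path free so the later `goto err` exits cannot free it twice. Because this printer runs over certificate requests that come from outside parties, the results of `i2a_ASN1_OBJECT(bp,obj)` and of the two unchecked `BIO_printf` calls should be tested like their neighbours, and the stray third argument in `BIO_printf(bp,": %s\n",j?"critical":"","")` should be dropped. `X509_REQ_print` begins and ends outside these hunks.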
+0 −4
@@ -188,11 +188,7 @@ int X509_print(BIO *bp, X509 *x)
		BIO_printf(bp,"%8sX509v3 extensions:\n","");
		for (i=0; i<n; i++)
			{
#if 0
			int data_type,pack_type;
#endif
			ASN1_OBJECT *obj;

			ex=X509_get_ext(x,i);
			if (BIO_printf(bp,"%12s","") <= 0) goto err;
			obj=X509_EXTENSION_get_object(ex);
+12 −0
@@ -890,6 +890,18 @@ extern "C" {
#define NID_pbeWithSHA1AndDES_CBC	170
#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L

/* Extension request OIDs */

#define LN_ms_ext_req			"Microsoft Extension Request"
#define SN_ms_ext_req			"msExtReq"
#define NID_ms_ext_req			171
#define OBJ_ms_ext_req			1L,3L,6L,1L,4L,1L,311L,2L,1L,14L

#define LN_ext_req			"Extension Request"
#define SN_ext_req			"extReq"
#define NID_ext_req			172
#define OBJ_ext_req			OBJ_pkcs9,14L

#include <openssl/bio.h>
#include <openssl/asn1.h>
