Commit a7201e9a authored by Richard Levitte's avatar Richard Levitte

Changes concerning RFC 3820 (proxy certificates) integration:

 - Enforce that there should be no policy settings when the language
   is one of id-ppl-independent or id-ppl-inheritAll.
 - Add functionality to ssltest.c so that it can process proxy rights
   and check that they are set correctly.  Rights consist of ASCII
   letters, and the condition is a boolean expression that includes
   letters, parentheses, &, | and ^.
 - Change the proxy certificate configurations so they get proxy
   rights that are understood by ssltest.c.
 - Add a script that tests proxy certificates with SSL operations.

Other changes:

 - Change the copyright end year in mkerr.pl.
 - make update.
parent fcd5cca4
+2 −2
@@ -227,8 +227,8 @@ mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
mem_dbg.o: mem_dbg.c
o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
o_dir.o: LPdir_unix.c o_dir.c o_dir.h
o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c
o_str.o: o_str.h
o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
o_str.o: o_str.c o_str.h
o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
o_time.o: o_time.h
tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+2 −1
@@ -91,7 +91,8 @@ c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
c_rle.o: ../../include/openssl/symhacks.h c_rle.c
c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
c_zlib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h
c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
c_zlib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+1 −0
@@ -994,6 +994,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
			goto end;

		/* The last error (if any) is still in the error value */
		ctx->current_issuer=xi;
		ctx->current_cert=xs;
		ok=(*cb)(1,ctx);
		if (!ok) goto end;
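Review bot: `ctx->current_issuer` appears to be assigned only immediately before the success callback `ok=(*cb)(1,ctx);`, so a verify callback that reads it on a failure path may see a value left over from an earlier iteration, or one never set at all. The failure callbacks earlier in internal_verify lie outside this hunk, so this cannot be confirmed from here. Either assign the field once at the point where `xi` is chosen for the iteration, or state the limit next to the assignment, e.g. `/* current_issuer is only meaningful for ok==1 callbacks */`. The +/- column is lost on this page, so this assumes the added line is `ctx->current_issuer=xi;`.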
+6 −0
@@ -273,6 +273,12 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
		X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
		goto err;
		}
	i = OBJ_obj2nid(language);
	if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
		{
		X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
		goto err;
		}

	pci = PROXY_CERT_INFO_EXTENSION_new();
	if (!pci)
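Review bot: The new test in r2i_pci rejects a policy for id-ppl-independent and id-ppl-inheritAll only while the extension is being built from configuration, so it limits what this code will issue, not what it will accept. Nothing in this hunk shows the same rule applied to a proxyCertInfo extension decoded from a peer's certificate; if the verification path does not already reject that combination, it needs its own check there. Add a comment above the test stating the rule, e.g. `/* RFC 3820: no policy allowed with id-ppl-independent or id-ppl-inheritAll */`, and consider a dedicated local for the NID instead of reusing `i`. The function starts and ends outside the hunk, so the cleanup done at `err` is not visible here.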
+2 −1
/* crypto/x509v3/v3err.c */
/* ====================================================================
 * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -172,6 +172,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
{X509V3_R_POLICY_PATH_LENGTH             ,"policy path length"},
{X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED,"policy path length alreadty defined"},
{X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED,"policy syntax not currently supported"},
{X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY,"policy when proxy language requires no policy"},
{X509V3_R_SECTION_NOT_FOUND              ,"section not found"},
{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS   ,"unable to get issuer details"},
{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID     ,"unable to get issuer keyid"},