CHANGES +6 −0 @@ -4,6 +4,12 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] *) New function X509_cmp(). Oddly enough there wasn't a function to compare two certificates. We do this by working out the SHA1 hash and comparing that. X509_cmp() will be needed by the trust code. [Steve Henson] *) Correctly increment the reference count in the SSL_SESSION pointer returned from SSL_get_session(). [Geoff Thorpe <geoff@eu.c2.net>]
crypto/x509/x509.h +2 −0 @@ -269,6 +269,7 @@ typedef struct x509_st unsigned long ex_kusage; unsigned long ex_xkusage; unsigned long ex_nscert; unsigned char sha1_hash[SHA_DIGEST_LENGTH]; X509_CERT_AUX *aux; } X509; @@ -869,6 +870,7 @@ unsigned long X509_issuer_name_hash(X509 *a); int X509_subject_name_cmp(X509 *a,X509 *b); unsigned long X509_subject_name_hash(X509 *x); int X509_cmp (X509 *a, X509 *b); int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); unsigned long X509_NAME_hash(X509_NAME *x);
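Review bot: The `sha1_hash` member of `struct x509_st` carries no comment saying when it holds a valid digest. Going by the other files in this commit it is filled in `x509v3_cache_extensions()` behind the `EXFLAG_SET` guard, so code that reads the field before that has run would see unset bytes. I would add `/* SHA-1 of the certificate encoding; valid only once ex_flags has EXFLAG_SET */` above the member, and a one-line comment on the `X509_cmp` prototype saying that it returns 0 when the digests match and may update the cached fields of both arguments. The struct definition starts outside the hunk.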
crypto/x509/x509_cmp.c +11 −0 @@ -61,6 +61,7 @@ #include <openssl/asn1.h> #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/x509v3.h> int X509_issuer_and_serial_cmp(X509 *a, X509 *b) { @@ -135,6 +136,16 @@ unsigned long X509_subject_name_hash(X509 *x) { return(X509_NAME_hash(x->cert_info->subject)); } /* Compare two certificates: they must be identical for * this to work. */ int X509_cmp(X509 *a, X509 *b) { /* ensure hash is valid */ X509_check_purpose(a, -1, 0); X509_check_purpose(b, -1, 0); return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); } int X509_NAME_cmp(X509_NAME *a, X509_NAME *b) {
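Review bot: `X509_cmp()` reports two certificates as equal whenever their cached SHA-1 digests match, and the CHANGES entry says the trust code will depend on it, so the equality decision is only as strong as SHA-1's collision resistance. The comment above the function should state that contract instead of "they must be identical for this to work", for example `/* Returns 0 when the SHA-1 digests of a and b match; equality is by digest only, not a byte comparison of the encodings. May update the cached fields of both arguments. */`. A caller making a trust decision would want a match confirmed against the full encoding. The results of both `X509_check_purpose(…, -1, 0)` calls are also dropped, which is safe only while that path cannot fail to produce a hash.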
crypto/x509v3/v3_purp.c +3 −1 @@ -103,6 +103,7 @@ int X509_check_purpose(X509 *x, int id, int ca) x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); } if(id == -1) return 1; idx = x509_purpose_get_idx(id); if(idx == -1) return -1; pt = sk_X509_PURPOSE_value(xptable, idx); @@ -199,6 +200,7 @@ static void x509v3_cache_extensions(X509 *x) STACK_OF(ASN1_OBJECT) *extusage; int i; if(x->ex_flags & EXFLAG_SET) return; X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); /* Does subject name match issuer ? */ if(X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) x->ex_flags |= EXFLAG_SS;
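Review bot: The `X509_digest()` call in the second hunk, inside `x509v3_cache_extensions()`, discards its result, so when the digest cannot be computed `x->sha1_hash` keeps whatever bytes it already held and `X509_cmp()` later compares them as if they were a real hash. Because the function returns early once `EXFLAG_SET` is present, a failed digest would presumably never be recomputed; the place where that flag is set is outside the hunk. I would test the call with `if(!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))` and record the failure, for example in a dedicated `ex_flags` bit, so that `X509_cmp()` can return non-zero rather than compare unset bytes. Both function bodies continue outside the visible hunks.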