[rs-commit] r107 - /redwax-tool/trunk/redwax_openssl.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Thu Dec 2 14:19:29 CET 2021
Author: minfrin at redwax.eu
Date: Thu Dec 2 14:19:29 2021
New Revision: 107
Log:
Add support for CRL distribution points.
Modified:
redwax-tool/trunk/redwax_openssl.c
Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c (original)
+++ redwax-tool/trunk/redwax_openssl.c Thu Dec 2 14:19:29 2021
@@ -2804,6 +2804,32 @@
return APR_SUCCESS;
}
+static apr_status_t redwax_openssl_general_names_metadata(redwax_tool_t *r,
+ redwax_metadata_t *m, STACK_OF(GENERAL_NAME) *gens)
+{
+ int i;
+
+ if (sk_GENERAL_NAME_num(gens)) {
+
+ redwax_metadata_push_array(m, "Names", 0);
+
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+
+ GENERAL_NAME *gen;
+
+ gen = sk_GENERAL_NAME_value(gens, i);
+
+ redwax_metadata_push_object(m, "Name", 0);
+ redwax_openssl_general_name_metadata(r, m, gen);
+ redwax_metadata_pop_object(m);
+ }
+
+ redwax_metadata_pop_array(m);
+ }
+
+ return APR_SUCCESS;
+}
+
static BIT_STRING_BITNAME ns_cert_type_table[] = {
{0, "SSL Client", "client"},
{1, "SSL Server", "server"},
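Review bot: The guard `if (sk_GENERAL_NAME_num(gens))` in redwax_openssl_general_names_metadata() is also true for a NULL stack, because OpenSSL's sk_*_num() returns -1 when the stack pointer is NULL. The caller in the later GENERAL_NAMES hunk passes the result of X509V3_EXT_d2i() unchecked, so an extension that fails to decode is rendered as an empty "Names" array rather than being reported. Compare explicitly, `if (sk_GENERAL_NAME_num(gens) > 0) {`, and let callers treat a NULL decode result as an error. The same truthiness test appears on `sk_DIST_POINT_num(crld)` in the CRL distribution points case added further down.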
@@ -2829,6 +2855,19 @@
{-1, NULL, NULL}
};
+static const BIT_STRING_BITNAME reason_flags[] = {
+ {0, "Unused", "unused"},
+ {1, "Key Compromise", "keyCompromise"},
+ {2, "CA Compromise", "CACompromise"},
+ {3, "Affiliation Changed", "affiliationChanged"},
+ {4, "Superseded", "superseded"},
+ {5, "Cessation Of Operation", "cessationOfOperation"},
+ {6, "Certificate Hold", "certificateHold"},
+ {7, "Privilege Withdrawn", "privilegeWithdrawn"},
+ {8, "AA Compromise", "AACompromise"},
+ {-1, NULL, NULL}
+};
+
static apr_status_t redwax_openssl_extension_metadata(redwax_tool_t *r,
redwax_metadata_t *m, X509_EXTENSION *ex)
{
@@ -3036,25 +3075,7 @@
GENERAL_NAMES *gens = X509V3_EXT_d2i(ex);
- int i;
-
- if (sk_GENERAL_NAME_num(gens)) {
-
- redwax_metadata_push_array(m, "Names", 0);
-
- for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-
- GENERAL_NAME *gen;
-
- gen = sk_GENERAL_NAME_value(gens, i);
-
- redwax_metadata_push_object(m, "Name", 0);
- redwax_openssl_general_name_metadata(r, m, gen);
- redwax_metadata_pop_object(m);
- }
-
- redwax_metadata_pop_array(m);
- }
+ redwax_openssl_general_names_metadata(r, m, gens);
break;
}
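Review bot: `gens` is allocated by X509V3_EXT_d2i() and owned by the caller, yet nothing between the call to redwax_openssl_general_names_metadata() and `break;` releases it, so each decoded name list is leaked. Add `GENERAL_NAMES_free(gens);` after the helper call, provided the metadata helpers copy what they keep, as the `X509_NAME_free(ntmp)` right after `redwax_metadata_add_string()` in the new CRL case suggests. The `crld` stack in the new NID_crl_distribution_points case appears to need `CRL_DIST_POINTS_free(crld);` in the same way, though the end of that case lies outside its hunk. The case block here opens above the visible lines.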
@@ -3084,27 +3105,7 @@
if (akeyid->issuer) {
redwax_metadata_push_object(m, "Issuer", 0);
-
- int i;
-
- if (sk_GENERAL_NAME_num(akeyid->issuer)) {
-
- redwax_metadata_push_array(m, "Names", 0);
-
- for (i = 0; i < sk_GENERAL_NAME_num(akeyid->issuer); i++) {
-
- GENERAL_NAME *gen;
-
- gen = sk_GENERAL_NAME_value(akeyid->issuer, i);
-
- redwax_metadata_push_object(m, "Name", 0);
- redwax_openssl_general_name_metadata(r, m, gen);
- redwax_metadata_pop_object(m);
- }
-
- redwax_metadata_pop_array(m);
- }
-
+ redwax_openssl_general_names_metadata(r, m, akeyid->issuer);
redwax_metadata_pop_object(m);
}
@@ -3277,6 +3278,98 @@
redwax_metadata_pop_object(m);
}
+ }
+
+ redwax_metadata_pop_array(m);
+ }
+
+ break;
+ }
+ case NID_crl_distribution_points:
+ case NID_freshest_crl: {
+
+ STACK_OF(DIST_POINT) *crld = X509V3_EXT_d2i(ex);
+
+ int i, j;
+
+ if (sk_DIST_POINT_num(crld)) {
+
+ redwax_metadata_push_array(m, "CRLDistributionPoints", 0);
+
+ for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
+
+ DIST_POINT *point;
+
+ point = sk_DIST_POINT_value(crld, i);
+
+ redwax_metadata_push_object(m, "CRLDistributionPoint", 0);
+
+ if (point->distpoint) {
+
+ DIST_POINT_NAME *dpn;
+
+ dpn = point->distpoint;
+
+ if (dpn->type == 0) {
+
+ redwax_metadata_push_object(m, "FullName", 0);
+ redwax_openssl_general_names_metadata(r, m,
+ dpn->name.fullname);
+ redwax_metadata_pop_object(m);
+ } else {
+
+ X509_NAME *ntmp;
+
+ ntmp = X509_NAME_new();
+
+ for (j = 0;
+ j
+ < sk_X509_NAME_ENTRY_num(
+ dpn->name.relativename); j++) {
+
+ X509_NAME_ENTRY *entry;
+
+ entry = sk_X509_NAME_ENTRY_value(
+ dpn->name.relativename, j);
+
+ X509_NAME_add_entry(ntmp, entry, -1, j ? 0 : 1);
+ }
+
+ redwax_metadata_add_string(m, "RelativeName",
+ redwax_openssl_name(m->pool, ntmp));
+
+ X509_NAME_free(ntmp);
+ }
+
+ }
+
+ if (point->reasons) {
+
+ const BIT_STRING_BITNAME *pbn;
+
+ redwax_metadata_push_array(m, "Reasons", 0);
+
+ for (pbn = reason_flags; pbn->lname; pbn++) {
+
+ if (ASN1_BIT_STRING_get_bit(point->reasons,
+ pbn->bitnum)) {
+
+ redwax_metadata_add_string(m, "Reason", pbn->sname);
+ }
+ }
+
+ redwax_metadata_pop_array(m);
+ }
+
+ if (point->CRLissuer) {
+
+ redwax_metadata_push_object(m, "CRLIssuer", 0);
+ redwax_openssl_general_names_metadata(r, m,
+ point->CRLissuer);
+ redwax_metadata_pop_object(m);
+ }
+
+ redwax_metadata_pop_object(m);
}
redwax_metadata_pop_array(m);
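Review bot: In the relative-name branch the result of `X509_NAME_new()` is used without a NULL check and the return value of `X509_NAME_add_entry()` is ignored, so an allocation failure produces an empty or truncated "RelativeName" string with no error surfaced. For a tool that presents certificate contents for inspection, a silently shortened distribution point name is worse than a reported failure. Check `ntmp` before the loop and test each add with `if (!X509_NAME_add_entry(ntmp, entry, -1, j ? 0 : 1))`, freeing `ntmp` and unwinding the pushed metadata objects on the failure path. The literal in `dpn->type == 0` would also read better with a short comment saying that 0 selects `fullname` and any other value `relativename`. The enclosing switch and function continue outside this hunk.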