[rs-commit] r112 - in /redwax-tool/trunk: redwax-tool.h redwax_openssl.c redwax_p11kit.c
Sat Dec 4 11:28:09 CET 2021
Author: minfrin at redwax.eu
Date: Sat Dec 4 11:27:52 2021
New Revision: 112
Log:
Read the ID from openssl trusted certificates.
Modified:
redwax-tool/trunk/redwax-tool.h
redwax-tool/trunk/redwax_openssl.c
redwax-tool/trunk/redwax_p11kit.c
Modified: redwax-tool/trunk/redwax-tool.h
==============================================================================
--- redwax-tool/trunk/redwax-tool.h (original)
+++ redwax-tool/trunk/redwax-tool.h Sat Dec 4 11:27:52 2021
@@ -132,8 +132,6 @@
typedef struct redwax_certificate_x509_t {
const unsigned char *subject_der;
apr_size_t subject_len;
- const unsigned char *id_der;
- apr_size_t id_len;
const unsigned char *kid_der;
apr_size_t kid_len;
const unsigned char *skid_der;
@@ -153,6 +151,8 @@
const unsigned char *der;
apr_size_t len;
const char *origin;
+ const unsigned char *id_der;
+ apr_size_t id_len;
const char *label;
apr_size_t label_len;
const char *token;
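Review bot: The `id_der`/`id_len` members added between `origin` and `label` carry no comment saying which identifier they hold, and the other members of this struct are undocumented too, so a reader has to follow the rest of the commit to learn that the OpenSSL path fills them from `X509_keyid_get0()` and the PKCS#11 path from `redwax_p11kit_origin()`. A one-line comment above `id_der` such as `/* certificate ID (PKCS#11 CKA_ID / OpenSSL trusted-cert keyid); NULL/0 when the certificate carries none */` would pin the contract the checks elsewhere in this commit rely on (`cert->id_der && cert->id_len`). The struct's header line is outside this hunk.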
Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c (original)
+++ redwax-tool/trunk/redwax_openssl.c Sat Dec 4 11:27:52 2021
@@ -1051,7 +1051,7 @@
long len, error = 0;
- int label_len;
+ int label_len, id_len;
if (!strcmp(file, "-")) {
if (r->complete) {
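Review bot: `id_len` is declared without an initialiser and is copied into `cert->id_len` unconditionally in the hunk at line 1192, right after `X509_keyid_get0(x, &id_len)`. In the OpenSSL sources I know, `X509_keyid_get0()` returns NULL without touching `*len` when the certificate has no keyid, so for plain (non-trusted) certificates `cert->id_len` would be an indeterminate value while `cert->id_der` is NULL; the pre-existing `label_len` line has the same exposure. Initialising both at the declaration, `int label_len = 0, id_len = 0;`, makes the "absent" case well defined. The enclosing function begins outside this hunk.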
@@ -1192,6 +1192,8 @@
cert->common.category = REDWAX_CERTIFICATE_TRUSTED;
cert->header = header;
+ cert->id_der = (unsigned char *)X509_keyid_get0(x, &id_len);
+ cert->id_len = id_len;
cert->label = (const char *)X509_alias_get0(x, &label_len);
cert->label_len = label_len;
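Review bot: The `(unsigned char *)` cast on the `X509_keyid_get0()` call is redundant: the function already returns `unsigned char *`, and assigning that to the `const unsigned char *` member `id_der` needs no cast, so `cert->id_der = X509_keyid_get0(x, &id_len);` reads more honestly and does not hide a future type change. If the cast was copied from the `X509_alias_get0()` line below, note that one is needed there only because that function returns `unsigned char *` while `label` is `const char *`. The enclosing function begins and ends outside this hunk.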
@@ -3673,10 +3675,10 @@
redwax_metadata_push_object(m, "Certificate", 0);
redwax_metadata_add_string(m, "Origin", cert->origin);
if (cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509 &&
- cert->x509->id_der && cert->x509->id_len) {
+ cert->id_der && cert->id_len) {
redwax_metadata_add_string(m, "Id",
redwax_pencode_base16_binary(m->pool,
- cert->x509->id_der, cert->x509->id_len,
+ cert->id_der, cert->id_len,
REDWAX_ENCODE_LOWER, NULL));
}
if (cert->label && cert->label_len) {
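Review bot: The condition still requires `cert->common.type == REDWAX_CERTIFICATE_X509 && cert->x509` before testing `cert->id_der`, but after this commit the ID no longer lives on `cert->x509`, and the hunk at line 1684 of redwax_p11kit.c now stores it on `cert` for every certificate read from a token regardless of type. If the intent is to print the Id whenever one is present, the first two conjuncts can go: `if (cert->id_der && cert->id_len) {`. If the Id is deliberately reported only for X.509 certificates, a short comment saying so would stop the next reader from "fixing" it. The enclosing function begins and ends outside this hunk.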
Modified: redwax-tool/trunk/redwax_p11kit.c
==============================================================================
--- redwax-tool/trunk/redwax_p11kit.c (original)
+++ redwax-tool/trunk/redwax_p11kit.c Sat Dec 4 11:27:52 2021
@@ -443,9 +443,9 @@
}
/* otherwise keep the original ID */
- else if (x509->id_len) {
+ else if (cert->id_len) {
redwax_pkcs11_add_attribute(template, CKA_ID,
- (void *)x509->id_der, x509->id_len);
+ (void *)cert->id_der, cert->id_len);
}
/* failing that use the subject key identifier */
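Review bot: `else if (cert->id_len)` hands `cert->id_der` to `redwax_pkcs11_add_attribute()` for CKA_ID after checking only the length, whereas the rest of this commit (hunks at 3675 of redwax_openssl.c and 1485/1494 of this file) treats `cert->id_der` as the presence flag. With the OpenSSL reader now populating these fields, a certificate with no keyid would have a NULL `id_der` alongside whatever `id_len` happens to hold, so the guard should test both: `else if (cert->id_der && cert->id_len) {`. The enclosing function begins and ends outside this hunk.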
@@ -1485,7 +1485,7 @@
redwax_certificate_x509_t *x509 = cert->x509;
- if (!x509->id_der && !x509->skid_der) {
+ if (!cert->id_der && !x509->skid_der) {
redwax_print_error(r,
"pkcs11-in: certificate on token '%s' has no ID and no Subject Key "
@@ -1494,30 +1494,30 @@
}
- else if (!x509->id_der && x509->skid_der) {
+ else if (!cert->id_der && x509->skid_der) {
redwax_print_error(r,
"pkcs11-in: certificate on token '%s' has no ID, with Subject Key "
"Identifier '%s' present, and is therefore unlikely to be found by "
"most software. Reading certificate anyway.\n",
cert->token,
- redwax_pencode_base16_binary(pool, x509->id_der,
- x509->id_len, REDWAX_ENCODE_LOWER, NULL));
-
- }
-
- else if (x509->id_der && x509->skid_der
- && (x509->id_len != x509->skid_len
- || memcmp(x509->id_der, x509->skid_der,
- x509->id_len))) {
+ redwax_pencode_base16_binary(pool, cert->id_der,
+ cert->id_len, REDWAX_ENCODE_LOWER, NULL));
+
+ }
+
+ else if (cert->id_der && x509->skid_der
+ && (cert->id_len != x509->skid_len
+ || memcmp(cert->id_der, x509->skid_der,
+ cert->id_len))) {
redwax_print_error(r,
"pkcs11-in: certificate on token '%s' has ID '%s', but different "
"Subject Key Identifier '%s', and is therefore unlikely to be found "
"by most software. Reading certificate anyway.\n",
cert->token,
- redwax_pencode_base16_binary(pool, x509->id_der,
- x509->id_len, REDWAX_ENCODE_LOWER, NULL),
+ redwax_pencode_base16_binary(pool, cert->id_der,
+ cert->id_len, REDWAX_ENCODE_LOWER, NULL),
redwax_pencode_base16_binary(pool, x509->skid_der,
x509->skid_len, REDWAX_ENCODE_LOWER, NULL));
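Review bot: In the `!cert->id_der && x509->skid_der` branch the message says "with Subject Key Identifier '%s' present", yet the rewritten argument lines encode `cert->id_der`/`cert->id_len`, which that branch's own condition guarantees is a NULL pointer. The `%s` should be fed the SKID instead: `redwax_pencode_base16_binary(pool, x509->skid_der,` / `x509->skid_len, REDWAX_ENCODE_LOWER, NULL));`. Whether `redwax_pencode_base16_binary()` tolerates a NULL input is not visible here; even if it does, the diagnostic currently prints nothing useful. The defect predates the commit but the lines were rewritten by it; the enclosing function begins and ends outside this hunk.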
@@ -1684,10 +1684,9 @@
rt_run_normalise_certificate(r, cert, 1);
cert->origin = redwax_p11kit_origin(r, cert->pool, module,
- tokenInfo, session, object,
- cert->x509 ? &cert->x509->id_der : NULL,
- cert->x509 ? &cert->x509->id_len : NULL, &cert->label,
- &cert->label_len, NULL);
+ tokenInfo, session, object, &cert->id_der,
+ &cert->id_len, &cert->label, &cert->label_len,
+ NULL);
cert->token = redwax_pstrntrim(cert->pool,
(const char*) tokenInfo->label,