diff options
| author | William Ahern <william@25thandclement.com> | 2016-06-24 19:10:40 -0700 |
|---|---|---|
| committer | William Ahern <william@25thandclement.com> | 2016-06-24 19:10:40 -0700 |
| commit | bddd9f5a79ae4aea43d7dca09157c53e40503bfb (patch) | |
| tree | 5458f64fbd3a52e7128f8977715b3ee1cac3098a | |
| parent | a63e737bd12e466937223c848387d0b704f02e31 (diff) | |
| download | luaossl-bddd9f5a79ae4aea43d7dca09157c53e40503bfb.tar.gz luaossl-bddd9f5a79ae4aea43d7dca09157c53e40503bfb.tar.bz2 luaossl-bddd9f5a79ae4aea43d7dca09157c53e40503bfb.zip | |
refactor style to more closely match the style of the existing code, such as it is
| -rw-r--r-- | src/openssl.c | 57 |
1 files changed, 35 insertions, 22 deletions
diff --git a/src/openssl.c b/src/openssl.c index 6b74025..9c40e57 100644 --- a/src/openssl.c +++ b/src/openssl.c | |||
| @@ -5490,33 +5490,40 @@ static int xr_setPublicKey(lua_State *L) { | |||
| 5490 | 5490 | ||
| 5491 | static int xr_setExtensionByNid(lua_State *L, X509_REQ *csr, int target_nid, void* value) { | 5491 | static int xr_setExtensionByNid(lua_State *L, X509_REQ *csr, int target_nid, void* value) { |
| 5492 | STACK_OF(X509_EXTENSION) *sk = NULL; | 5492 | STACK_OF(X509_EXTENSION) *sk = NULL; |
| 5493 | X509_ATTRIBUTE *attr; | 5493 | int has_attrs=0; |
| 5494 | int has_attrs=0, idx, *pnid; | ||
| 5495 | |||
| 5496 | // Replace existing if it's there. Extensions are stored in a CSR in an interesting way: | ||
| 5497 | // | ||
| 5498 | // They are stored as a list under either (most likely) the "official" | ||
| 5499 | // NID_ext_req or under NID_ms_ext_req which means everything is stored | ||
| 5500 | // under a list in a single "attribute" so we can't use X509_REQ_add1_attr | ||
| 5501 | // or similar. | ||
| 5502 | // | ||
| 5503 | // Instead we have to get the extensions, find and replace the SAN if it's | ||
| 5504 | // in there, then *replace* the extensions in the list of attributes. (If | ||
| 5505 | // we just try to add it the old ones are found first and don't take | ||
| 5506 | // priority) | ||
| 5507 | 5494 | ||
| 5495 | /* | ||
| 5496 | * Replace existing if it's there. Extensions are stored in a CSR in | ||
| 5497 | * an interesting way: | ||
| 5498 | * | ||
| 5499 | * They are stored as a list under either (most likely) the | ||
| 5500 | * "official" NID_ext_req or under NID_ms_ext_req which means | ||
| 5501 | * everything is stored under a list in a single "attribute" so we | ||
| 5502 | * can't use X509_REQ_add1_attr or similar. | ||
| 5503 | * | ||
| 5504 | * Instead we have to get the extensions, find and replace the SAN | ||
| 5505 | * if it's in there, then *replace* the extensions in the list of | ||
| 5506 | * attributes. (If we just try to add it the old ones are found | ||
| 5507 | * first and don't take priority.) | ||
| 5508 | */ | ||
| 5508 | has_attrs = X509_REQ_get_attr_count(csr); | 5509 | has_attrs = X509_REQ_get_attr_count(csr); |
| 5509 | sk = X509_REQ_get_extensions(csr); | ||
| 5510 | 5510 | ||
| 5511 | sk = X509_REQ_get_extensions(csr); | ||
| 5511 | if (!X509V3_add1_i2d(&sk, target_nid, value, 0, X509V3_ADD_REPLACE)) | 5512 | if (!X509V3_add1_i2d(&sk, target_nid, value, 0, X509V3_ADD_REPLACE)) |
| 5512 | goto error; | 5513 | goto error; |
| 5513 | |||
| 5514 | if (X509_REQ_add_extensions(csr, sk) == 0) | 5514 | if (X509_REQ_add_extensions(csr, sk) == 0) |
| 5515 | goto error; | 5515 | goto error; |
| 5516 | sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free); | ||
| 5517 | sk = NULL; | ||
| 5516 | 5518 | ||
| 5517 | // Delete the old extensions attribute, so that the one we just added takes priority | 5519 | /* |
| 5520 | * Delete the old extensions attribute, so that the one we just | ||
| 5521 | * added takes priority. | ||
| 5522 | */ | ||
| 5518 | if (has_attrs) { | 5523 | if (has_attrs) { |
| 5519 | attr = NULL; | 5524 | X509_ATTRIBUTE *attr = NULL; |
| 5525 | int idx, *pnid; | ||
| 5526 | |||
| 5520 | for (pnid = X509_REQ_get_extension_nids(); *pnid != NID_undef; pnid++) { | 5527 | for (pnid = X509_REQ_get_extension_nids(); *pnid != NID_undef; pnid++) { |
| 5521 | idx = X509_REQ_get_attr_by_NID(csr, *pnid, -1); | 5528 | idx = X509_REQ_get_attr_by_NID(csr, *pnid, -1); |
| 5522 | if (idx == -1) | 5529 | if (idx == -1) |
| @@ -5530,16 +5537,19 @@ static int xr_setExtensionByNid(lua_State *L, X509_REQ *csr, int target_nid, voi | |||
| 5530 | goto error; | 5537 | goto error; |
| 5531 | } | 5538 | } |
| 5532 | 5539 | ||
| 5533 | // We have to mark the encoded form as invalid, otherwise when we write it | 5540 | /* |
| 5534 | // out again it will use the loaded version | 5541 | * We have to mark the encoded form as invalid, otherwise when we |
| 5542 | * write it out again it will use the loaded version. | ||
| 5543 | */ | ||
| 5535 | csr->req_info->enc.modified = 1; | 5544 | csr->req_info->enc.modified = 1; |
| 5536 | 5545 | ||
| 5537 | sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free); | ||
| 5538 | lua_pushboolean(L, 1); | 5546 | lua_pushboolean(L, 1); |
| 5547 | |||
| 5539 | return 1; | 5548 | return 1; |
| 5540 | error: | 5549 | error: |
| 5541 | if (sk) | 5550 | if (sk) |
| 5542 | sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free); | 5551 | sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free); |
| 5552 | |||
| 5543 | return auxL_error(L, auxL_EOPENSSL, "x509.csr.setExtensionByNid"); | 5553 | return auxL_error(L, auxL_EOPENSSL, "x509.csr.setExtensionByNid"); |
| 5544 | } /* xr_setExtensionByNid() */ | 5554 | } /* xr_setExtensionByNid() */ |
| 5545 | 5555 | ||
| @@ -5547,20 +5557,23 @@ error: | |||
| 5547 | static int xr_setSubjectAlt(lua_State *L) { | 5557 | static int xr_setSubjectAlt(lua_State *L) { |
| 5548 | X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS); | 5558 | X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS); |
| 5549 | GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS); | 5559 | GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS); |
| 5560 | |||
| 5550 | return xr_setExtensionByNid(L, csr, NID_subject_alt_name, gens); | 5561 | return xr_setExtensionByNid(L, csr, NID_subject_alt_name, gens); |
| 5551 | } /* xr_setSubjectAlt */ | 5562 | } /* xr_setSubjectAlt */ |
| 5552 | 5563 | ||
| 5553 | 5564 | ||
| 5554 | static int xr_getSubjectAlt(lua_State *L) { | 5565 | static int xr_getSubjectAlt(lua_State *L) { |
| 5555 | X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS); | 5566 | X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS); |
| 5567 | STACK_OF(X509_EXTENSION) *exts; | ||
| 5556 | GENERAL_NAMES *gens; | 5568 | GENERAL_NAMES *gens; |
| 5557 | STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr); | ||
| 5558 | 5569 | ||
| 5570 | exts = X509_REQ_get_extensions(csr); | ||
| 5559 | gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); | 5571 | gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); |
| 5560 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); | 5572 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); |
| 5561 | if (!gens) goto error; | 5573 | if (!gens) goto error; |
| 5562 | 5574 | ||
| 5563 | gn_dup(L, gens); | 5575 | gn_dup(L, gens); |
| 5576 | |||
| 5564 | return 1; | 5577 | return 1; |
| 5565 | error: | 5578 | error: |
| 5566 | return 0; | 5579 | return 0; |