This commit was manufactured by cvs2git to create branch 'OPENBSD_5_7'.libressl-v2.1.5

author: cvs2svn <admin@example.com> 2015-03-08 16:48:49 +0000
committer: cvs2svn <admin@example.com> 2015-03-08 16:48:49 +0000
commit: decf84ba5550c1656a7fdb51b5b81969590c3f03 (patch)
tree: 44872802e872bdfd60730fa9cf01d9d5751251c1 /src/lib/libcrypto/x509v3/v3_cpols.c
parent: 7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427 (diff)
download: openbsd-libressl-v2.1.5.tar.gz
openbsd-libressl-v2.1.5.tar.bz2
openbsd-libressl-v2.1.5.zip
1 files changed, 0 insertions, 617 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
deleted file mode 100644
index 65916778aa..0000000000
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ /dev/null
@@ -1,617 +0,0 @@
-/* $OpenBSD: v3_cpols.c,v 1.19 2015/02/14 15:17:52 miod Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-#include "pcy_int.h"
-/* Certificate policies extension support: this one is a bit complex... */
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
-    BIO *out, int indent);
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
-    X509V3_CTX *ctx, char *value);
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
-    int indent);
-static void print_notice(BIO *out, USERNOTICE *notice, int indent);
-static POLICYINFO *policy_section(X509V3_CTX *ctx,
-    STACK_OF(CONF_VALUE) *polstrs, int ia5org);
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
-    STACK_OF(CONF_VALUE) *unot, int ia5org);
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
-const X509V3_EXT_METHOD v3_cpols = {
-        NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-        0, 0, 0, 0,
-        0, 0,
-        0, 0,
-        (X509V3_EXT_I2R)i2r_certpol,
-        (X509V3_EXT_R2I)r2i_certpol,
-        NULL
-};
-ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
-    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES,
-        POLICYINFO)
-ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
-CERTIFICATEPOLICIES *
-d2i_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES **a, const unsigned char **in, long len)
-{
-        return (CERTIFICATEPOLICIES *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &CERTIFICATEPOLICIES_it);
-}
-int
-i2d_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &CERTIFICATEPOLICIES_it);
-}
-CERTIFICATEPOLICIES *
-CERTIFICATEPOLICIES_new(void)
-{
-        return (CERTIFICATEPOLICIES *)ASN1_item_new(&CERTIFICATEPOLICIES_it);
-}
-void
-CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &CERTIFICATEPOLICIES_it);
-}
-ASN1_SEQUENCE(POLICYINFO) = {
-        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
-        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYINFO)
-POLICYINFO *
-d2i_POLICYINFO(POLICYINFO **a, const unsigned char **in, long len)
-{
-        return (POLICYINFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &POLICYINFO_it);
-}
-int
-i2d_POLICYINFO(POLICYINFO *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &POLICYINFO_it);
-}
-POLICYINFO *
-POLICYINFO_new(void)
-{
-        return (POLICYINFO *)ASN1_item_new(&POLICYINFO_it);
-}
-void
-POLICYINFO_free(POLICYINFO *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &POLICYINFO_it);
-}
-ASN1_ADB_TEMPLATE(policydefault) =
-    ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
-ASN1_ADB(POLICYQUALINFO) = {
-        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
-        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
-} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
-ASN1_SEQUENCE(POLICYQUALINFO) = {
-        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
-        ASN1_ADB_OBJECT(POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYQUALINFO)
-POLICYQUALINFO *
-d2i_POLICYQUALINFO(POLICYQUALINFO **a, const unsigned char **in, long len)
-{
-        return (POLICYQUALINFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &POLICYQUALINFO_it);
-}
-int
-i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &POLICYQUALINFO_it);
-}
-POLICYQUALINFO *
-POLICYQUALINFO_new(void)
-{
-        return (POLICYQUALINFO *)ASN1_item_new(&POLICYQUALINFO_it);
-}
-void
-POLICYQUALINFO_free(POLICYQUALINFO *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &POLICYQUALINFO_it);
-}
-ASN1_SEQUENCE(USERNOTICE) = {
-        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
-        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
-} ASN1_SEQUENCE_END(USERNOTICE)
-USERNOTICE *
-d2i_USERNOTICE(USERNOTICE **a, const unsigned char **in, long len)
-{
-        return (USERNOTICE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &USERNOTICE_it);
-}
-int
-i2d_USERNOTICE(USERNOTICE *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &USERNOTICE_it);
-}
-USERNOTICE *
-USERNOTICE_new(void)
-{
-        return (USERNOTICE *)ASN1_item_new(&USERNOTICE_it);
-}
-void
-USERNOTICE_free(USERNOTICE *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &USERNOTICE_it);
-}
-ASN1_SEQUENCE(NOTICEREF) = {
-        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
-        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(NOTICEREF)
-NOTICEREF *
-d2i_NOTICEREF(NOTICEREF **a, const unsigned char **in, long len)
-{
-        return (NOTICEREF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &NOTICEREF_it);
-}
-int
-i2d_NOTICEREF(NOTICEREF *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &NOTICEREF_it);
-}
-NOTICEREF *
-NOTICEREF_new(void)
-{
-        return (NOTICEREF *)ASN1_item_new(&NOTICEREF_it);
-}
-void
-NOTICEREF_free(NOTICEREF *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &NOTICEREF_it);
-}
-static
-STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-    char *value)
-{
-        STACK_OF(POLICYINFO) *pols = NULL;
-        char *pstr;
-        POLICYINFO *pol;
-        ASN1_OBJECT *pobj;
-        STACK_OF(CONF_VALUE) *vals;
-        CONF_VALUE *cnf;
-        int i, ia5org;
-        pols = sk_POLICYINFO_new_null();
-        if (pols == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        vals = X509V3_parse_list(value);
-        if (vals == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
-                goto err;
-        }
-        ia5org = 0;
-        for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-                cnf = sk_CONF_VALUE_value(vals, i);
-                if (cnf->value || !cnf->name) {
-                        X509V3err(X509V3_F_R2I_CERTPOL,
-                            X509V3_R_INVALID_POLICY_IDENTIFIER);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-                pstr = cnf->name;
-                if (!strcmp(pstr, "ia5org")) {
-                        ia5org = 1;
-                        continue;
-                } else if (*pstr == '@') {
-                        STACK_OF(CONF_VALUE) *polsect;
-                        polsect = X509V3_get_section(ctx, pstr + 1);
-                        if (!polsect) {
-                                X509V3err(X509V3_F_R2I_CERTPOL,
-                                    X509V3_R_INVALID_SECTION);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        pol = policy_section(ctx, polsect, ia5org);
-                        X509V3_section_free(ctx, polsect);
-                        if (!pol)
-                                goto err;
-                } else {
-                        if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
-                                X509V3err(X509V3_F_R2I_CERTPOL,
-                                    X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        pol = POLICYINFO_new();
-                        pol->policyid = pobj;
-                }
-                if (!sk_POLICYINFO_push(pols, pol)){
-                        POLICYINFO_free(pol);
-                        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-        }
-        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-        return pols;
-err:
-        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-        sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
-        return NULL;
-}
-static POLICYINFO *
-policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
-{
-        int i;
-        CONF_VALUE *cnf;
-        POLICYINFO *pol;
-        POLICYQUALINFO *qual;
-        if (!(pol = POLICYINFO_new()))
-                goto merr;
-        for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
-                cnf = sk_CONF_VALUE_value(polstrs, i);
-                if (!strcmp(cnf->name, "policyIdentifier")) {
-                        ASN1_OBJECT *pobj;
-                        if (!(pobj = OBJ_txt2obj(cnf->value, 0))) {
-                                X509V3err(X509V3_F_POLICY_SECTION,
-                                    X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        pol->policyid = pobj;
-                } else if (!name_cmp(cnf->name, "CPS")) {
-                        if (!pol->qualifiers)
-                                pol->qualifiers = sk_POLICYQUALINFO_new_null();
-                        if (!(qual = POLICYQUALINFO_new()))
-                                goto merr;
-                        if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-                                goto merr;
-                        qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
-                        qual->d.cpsuri = M_ASN1_IA5STRING_new();
-                        if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
-                            strlen(cnf->value)))
-                                goto merr;
-                } else if (!name_cmp(cnf->name, "userNotice")) {
-                        STACK_OF(CONF_VALUE) *unot;
-                        if (*cnf->value != '@') {
-                                X509V3err(X509V3_F_POLICY_SECTION,
-                                    X509V3_R_EXPECTED_A_SECTION_NAME);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        unot = X509V3_get_section(ctx, cnf->value + 1);
-                        if (!unot) {
-                                X509V3err(X509V3_F_POLICY_SECTION,
-                                    X509V3_R_INVALID_SECTION);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        qual = notice_section(ctx, unot, ia5org);
-                        X509V3_section_free(ctx, unot);
-                        if (!qual)
-                                goto err;
-                        if (!pol->qualifiers) pol->qualifiers =
-                            sk_POLICYQUALINFO_new_null();
-                        if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-                                goto merr;
-                } else {
-                        X509V3err(X509V3_F_POLICY_SECTION,
-                            X509V3_R_INVALID_OPTION);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-        }
-        if (!pol->policyid) {
-                X509V3err(X509V3_F_POLICY_SECTION,
-                    X509V3_R_NO_POLICY_IDENTIFIER);
-                goto err;
-        }
-        return pol;
-merr:
-        X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
-err:
-        POLICYINFO_free(pol);
-        return NULL;
-}
-static POLICYQUALINFO *
-notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
-{
-        int i, ret;
-        CONF_VALUE *cnf;
-        USERNOTICE *not;
-        POLICYQUALINFO *qual;
-        if (!(qual = POLICYQUALINFO_new()))
-                goto merr;
-        qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
-        if (!(not = USERNOTICE_new()))
-                goto merr;
-        qual->d.usernotice = not;
-        for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
-                cnf = sk_CONF_VALUE_value(unot, i);
-                if (!strcmp(cnf->name, "explicitText")) {
-                        if (not->exptext == NULL) {
-                                not->exptext = M_ASN1_VISIBLESTRING_new();
-                                if (not->exptext == NULL)
-                                        goto merr;
-                        }
-                        if (!ASN1_STRING_set(not->exptext, cnf->value,
-                            strlen(cnf->value)))
-                                goto merr;
-                } else if (!strcmp(cnf->name, "organization")) {
-                        NOTICEREF *nref;
-                        if (!not->noticeref) {
-                                if (!(nref = NOTICEREF_new()))
-                                        goto merr;
-                                not->noticeref = nref;
-                        } else
-                                nref = not->noticeref;
-                        if (ia5org)
-                                nref->organization->type = V_ASN1_IA5STRING;
-                        else
-                                nref->organization->type = V_ASN1_VISIBLESTRING;
-                        if (!ASN1_STRING_set(nref->organization, cnf->value,
-                            strlen(cnf->value)))
-                                goto merr;
-                } else if (!strcmp(cnf->name, "noticeNumbers")) {
-                        NOTICEREF *nref;
-                        STACK_OF(CONF_VALUE) *nos;
-                        if (!not->noticeref) {
-                                if (!(nref = NOTICEREF_new()))
-                                        goto merr;
-                                not->noticeref = nref;
-                        } else
-                                nref = not->noticeref;
-                        nos = X509V3_parse_list(cnf->value);
-                        if (!nos || !sk_CONF_VALUE_num(nos)) {
-                                X509V3err(X509V3_F_NOTICE_SECTION,
-                                    X509V3_R_INVALID_NUMBERS);
-                                X509V3_conf_err(cnf);
-                                if (nos != NULL)
-                                        sk_CONF_VALUE_pop_free(nos,
-                                            X509V3_conf_free);
-                                goto err;
-                        }
-                        ret = nref_nos(nref->noticenos, nos);
-                        sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
-                        if (!ret)
-                                goto err;
-                } else {
-                        X509V3err(X509V3_F_NOTICE_SECTION,
-                            X509V3_R_INVALID_OPTION);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-        }
-        if (not->noticeref &&
-            (!not->noticeref->noticenos || !not->noticeref->organization)) {
-                X509V3err(X509V3_F_NOTICE_SECTION,
-                    X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
-                goto err;
-        }
-        return qual;
-merr:
-        X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
-err:
-        POLICYQUALINFO_free(qual);
-        return NULL;
-}
-static int
-nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
-{
-        CONF_VALUE *cnf;
-        ASN1_INTEGER *aint;
-        int i;
-        for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
-                cnf = sk_CONF_VALUE_value(nos, i);
-                if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
-                        X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
-                        goto err;
-                }
-                if (!sk_ASN1_INTEGER_push(nnums, aint))
-                        goto merr;
-        }
-        return 1;
-merr:
-        X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
-err:
-        sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
-        return 0;
-}
-static int
-i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out,
-    int indent)
-{
-        int i;
-        POLICYINFO *pinfo;
-        /* First print out the policy OIDs */
-        for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
-                pinfo = sk_POLICYINFO_value(pol, i);
-                BIO_printf(out, "%*sPolicy: ", indent, "");
-                i2a_ASN1_OBJECT(out, pinfo->policyid);
-                BIO_puts(out, "\n");
-                if (pinfo->qualifiers)
-                        print_qualifiers(out, pinfo->qualifiers, indent + 2);
-        }
-        return 1;
-}
-static void
-print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent)
-{
-        POLICYQUALINFO *qualinfo;
-        int i;
-        for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
-                qualinfo = sk_POLICYQUALINFO_value(quals, i);
-                switch (OBJ_obj2nid(qualinfo->pqualid)) {
-                case NID_id_qt_cps:
-                        BIO_printf(out, "%*sCPS: %s\n", indent, "",
-                            qualinfo->d.cpsuri->data);
-                        break;
-                case NID_id_qt_unotice:
-                        BIO_printf(out, "%*sUser Notice:\n", indent, "");
-                        print_notice(out, qualinfo->d.usernotice, indent + 2);
-                        break;
-                default:
-                        BIO_printf(out, "%*sUnknown Qualifier: ",
-                            indent + 2, "");
-                        i2a_ASN1_OBJECT(out, qualinfo->pqualid);
-                        BIO_puts(out, "\n");
-                        break;
-                }
-        }
-}
-static void
-print_notice(BIO *out, USERNOTICE *notice, int indent)
-{
-        int i;
-        if (notice->noticeref) {
-                NOTICEREF *ref;
-                ref = notice->noticeref;
-                BIO_printf(out, "%*sOrganization: %s\n", indent, "",
-                    ref->organization->data);
-                BIO_printf(out, "%*sNumber%s: ", indent, "",
-                    sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
-                for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
-                        ASN1_INTEGER *num;
-                        char *tmp;
-                        num = sk_ASN1_INTEGER_value(ref->noticenos, i);
-                        if (i)
-                                BIO_puts(out, ", ");
-                        tmp = i2s_ASN1_INTEGER(NULL, num);
-                        BIO_puts(out, tmp);
-                        free(tmp);
-                }
-                BIO_puts(out, "\n");
-        }
-        if (notice->exptext)
-                BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
-                    notice->exptext->data);
-}
-void
-X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
-{
-        const X509_POLICY_DATA *dat = node->data;
-        BIO_printf(out, "%*sPolicy: ", indent, "");
-        i2a_ASN1_OBJECT(out, dat->valid_policy);
-        BIO_puts(out, "\n");
-        BIO_printf(out, "%*s%s\n", indent + 2, "",
-            node_data_critical(dat) ? "Critical" : "Non Critical");
-        if (dat->qualifier_set)
-                print_qualifiers(out, dat->qualifier_set, indent + 2);
-        else
-                BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
-}
author	cvs2svn <admin@example.com>	2015-03-08 16:48:49 +0000
committer	cvs2svn <admin@example.com>	2015-03-08 16:48:49 +0000
commit	decf84ba5550c1656a7fdb51b5b81969590c3f03 (patch)
tree	44872802e872bdfd60730fa9cf01d9d5751251c1 /src/lib/libcrypto/x509v3/v3_cpols.c
parent	7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427 (diff)
download	openbsd-libressl-v2.1.5.tar.gz openbsd-libressl-v2.1.5.tar.bz2 openbsd-libressl-v2.1.5.zip

diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c deleted file mode 100644 index 65916778aa..0000000000 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ /dev/null
@@ -1,617 +0,0 @@
1	/* $OpenBSD: v3_cpols.c,v 1.19 2015/02/14 15:17:52 miod Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.
4	*/
5	/* ====================================================================
6	* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <stdio.h>
60	#include <string.h>
61
62	#include <openssl/asn1.h>
63	#include <openssl/asn1t.h>
64	#include <openssl/conf.h>
65	#include <openssl/err.h>
66	#include <openssl/x509v3.h>
67
68	#include "pcy_int.h"
69
70	/* Certificate policies extension support: this one is a bit complex... */
71
72	static int i2r_certpol(X509V3_EXT_METHOD method, STACK_OF(POLICYINFO) pol,
73	BIO *out, int indent);
74	static STACK_OF(POLICYINFO) r2i_certpol(X509V3_EXT_METHOD method,
75	X509V3_CTX ctx, char value);
76	static void print_qualifiers(BIO out, STACK_OF(POLICYQUALINFO) quals,
77	int indent);
78	static void print_notice(BIO out, USERNOTICE notice, int indent);
79	static POLICYINFO policy_section(X509V3_CTX ctx,
80	STACK_OF(CONF_VALUE) *polstrs, int ia5org);
81	static POLICYQUALINFO notice_section(X509V3_CTX ctx,
82	STACK_OF(CONF_VALUE) *unot, int ia5org);
83	static int nref_nos(STACK_OF(ASN1_INTEGER) nnums, STACK_OF(CONF_VALUE) nos);
84
85	const X509V3_EXT_METHOD v3_cpols = {
86	NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
87	0, 0, 0, 0,
88	0, 0,
89	0, 0,
90	(X509V3_EXT_I2R)i2r_certpol,
91	(X509V3_EXT_R2I)r2i_certpol,
92	NULL
93	};
94
95	ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
96	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES,
97	POLICYINFO)
98	ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
99
100
101	CERTIFICATEPOLICIES *
102	d2i_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES a, const unsigned char in, long len)
103	{
104	return (CERTIFICATEPOLICIES )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
105	&CERTIFICATEPOLICIES_it);
106	}
107
108	int
109	i2d_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES a, unsigned char *out)
110	{
111	return ASN1_item_i2d((ASN1_VALUE *)a, out, &CERTIFICATEPOLICIES_it);
112	}
113
114	CERTIFICATEPOLICIES *
115	CERTIFICATEPOLICIES_new(void)
116	{
117	return (CERTIFICATEPOLICIES *)ASN1_item_new(&CERTIFICATEPOLICIES_it);
118	}
119
120	void
121	CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a)
122	{
123	ASN1_item_free((ASN1_VALUE *)a, &CERTIFICATEPOLICIES_it);
124	}
125
126	ASN1_SEQUENCE(POLICYINFO) = {
127	ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
128	ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
129	} ASN1_SEQUENCE_END(POLICYINFO)
130
131
132	POLICYINFO *
133	d2i_POLICYINFO(POLICYINFO a, const unsigned char in, long len)
134	{
135	return (POLICYINFO )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
136	&POLICYINFO_it);
137	}
138
139	int
140	i2d_POLICYINFO(POLICYINFO a, unsigned char *out)
141	{
142	return ASN1_item_i2d((ASN1_VALUE *)a, out, &POLICYINFO_it);
143	}
144
145	POLICYINFO *
146	POLICYINFO_new(void)
147	{
148	return (POLICYINFO *)ASN1_item_new(&POLICYINFO_it);
149	}
150
151	void
152	POLICYINFO_free(POLICYINFO *a)
153	{
154	ASN1_item_free((ASN1_VALUE *)a, &POLICYINFO_it);
155	}
156
157	ASN1_ADB_TEMPLATE(policydefault) =
158	ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
159
160	ASN1_ADB(POLICYQUALINFO) = {
161	ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
162	ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
163	} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
164
165	ASN1_SEQUENCE(POLICYQUALINFO) = {
166	ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
167	ASN1_ADB_OBJECT(POLICYQUALINFO)
168	} ASN1_SEQUENCE_END(POLICYQUALINFO)
169
170
171	POLICYQUALINFO *
172	d2i_POLICYQUALINFO(POLICYQUALINFO a, const unsigned char in, long len)
173	{
174	return (POLICYQUALINFO )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
175	&POLICYQUALINFO_it);
176	}
177
178	int
179	i2d_POLICYQUALINFO(POLICYQUALINFO a, unsigned char *out)
180	{
181	return ASN1_item_i2d((ASN1_VALUE *)a, out, &POLICYQUALINFO_it);
182	}
183
184	POLICYQUALINFO *
185	POLICYQUALINFO_new(void)
186	{
187	return (POLICYQUALINFO *)ASN1_item_new(&POLICYQUALINFO_it);
188	}
189
190	void
191	POLICYQUALINFO_free(POLICYQUALINFO *a)
192	{
193	ASN1_item_free((ASN1_VALUE *)a, &POLICYQUALINFO_it);
194	}
195
196	ASN1_SEQUENCE(USERNOTICE) = {
197	ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
198	ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
199	} ASN1_SEQUENCE_END(USERNOTICE)
200
201
202	USERNOTICE *
203	d2i_USERNOTICE(USERNOTICE a, const unsigned char in, long len)
204	{
205	return (USERNOTICE )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
206	&USERNOTICE_it);
207	}
208
209	int
210	i2d_USERNOTICE(USERNOTICE a, unsigned char *out)
211	{
212	return ASN1_item_i2d((ASN1_VALUE *)a, out, &USERNOTICE_it);
213	}
214
215	USERNOTICE *
216	USERNOTICE_new(void)
217	{
218	return (USERNOTICE *)ASN1_item_new(&USERNOTICE_it);
219	}
220
221	void
222	USERNOTICE_free(USERNOTICE *a)
223	{
224	ASN1_item_free((ASN1_VALUE *)a, &USERNOTICE_it);
225	}
226
227	ASN1_SEQUENCE(NOTICEREF) = {
228	ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
229	ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
230	} ASN1_SEQUENCE_END(NOTICEREF)
231
232
233	NOTICEREF *
234	d2i_NOTICEREF(NOTICEREF a, const unsigned char in, long len)
235	{
236	return (NOTICEREF )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
237	&NOTICEREF_it);
238	}
239
240	int
241	i2d_NOTICEREF(NOTICEREF a, unsigned char *out)
242	{
243	return ASN1_item_i2d((ASN1_VALUE *)a, out, &NOTICEREF_it);
244	}
245
246	NOTICEREF *
247	NOTICEREF_new(void)
248	{
249	return (NOTICEREF *)ASN1_item_new(&NOTICEREF_it);
250	}
251
252	void
253	NOTICEREF_free(NOTICEREF *a)
254	{
255	ASN1_item_free((ASN1_VALUE *)a, &NOTICEREF_it);
256	}
257
258	static
259	STACK_OF(POLICYINFO) r2i_certpol(X509V3_EXT_METHOD method, X509V3_CTX *ctx,
260	char *value)
261	{
262	STACK_OF(POLICYINFO) *pols = NULL;
263	char *pstr;
264	POLICYINFO *pol;
265	ASN1_OBJECT *pobj;
266	STACK_OF(CONF_VALUE) *vals;
267	CONF_VALUE *cnf;
268	int i, ia5org;
269
270	pols = sk_POLICYINFO_new_null();
271	if (pols == NULL) {
272	X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
273	return NULL;
274	}
275	vals = X509V3_parse_list(value);
276	if (vals == NULL) {
277	X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
278	goto err;
279	}
280	ia5org = 0;
281	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
282	cnf = sk_CONF_VALUE_value(vals, i);
283	if (cnf->value \|\| !cnf->name) {
284	X509V3err(X509V3_F_R2I_CERTPOL,
285	X509V3_R_INVALID_POLICY_IDENTIFIER);
286	X509V3_conf_err(cnf);
287	goto err;
288	}
289	pstr = cnf->name;
290	if (!strcmp(pstr, "ia5org")) {
291	ia5org = 1;
292	continue;
293	} else if (*pstr == '@') {
294	STACK_OF(CONF_VALUE) *polsect;
295	polsect = X509V3_get_section(ctx, pstr + 1);
296	if (!polsect) {
297	X509V3err(X509V3_F_R2I_CERTPOL,
298	X509V3_R_INVALID_SECTION);
299	X509V3_conf_err(cnf);
300	goto err;
301	}
302	pol = policy_section(ctx, polsect, ia5org);
303	X509V3_section_free(ctx, polsect);
304	if (!pol)
305	goto err;
306	} else {
307	if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
308	X509V3err(X509V3_F_R2I_CERTPOL,
309	X509V3_R_INVALID_OBJECT_IDENTIFIER);
310	X509V3_conf_err(cnf);
311	goto err;
312	}
313	pol = POLICYINFO_new();
314	pol->policyid = pobj;
315	}
316	if (!sk_POLICYINFO_push(pols, pol)){
317	POLICYINFO_free(pol);
318	X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
319	goto err;
320	}
321	}
322	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
323	return pols;
324
325	err:
326	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
327	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
328	return NULL;
329	}
330
331	static POLICYINFO *
332	policy_section(X509V3_CTX ctx, STACK_OF(CONF_VALUE) polstrs, int ia5org)
333	{
334	int i;
335	CONF_VALUE *cnf;
336	POLICYINFO *pol;
337	POLICYQUALINFO *qual;
338
339	if (!(pol = POLICYINFO_new()))
340	goto merr;
341	for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
342	cnf = sk_CONF_VALUE_value(polstrs, i);
343	if (!strcmp(cnf->name, "policyIdentifier")) {
344	ASN1_OBJECT *pobj;
345	if (!(pobj = OBJ_txt2obj(cnf->value, 0))) {
346	X509V3err(X509V3_F_POLICY_SECTION,
347	X509V3_R_INVALID_OBJECT_IDENTIFIER);
348	X509V3_conf_err(cnf);
349	goto err;
350	}
351	pol->policyid = pobj;
352	} else if (!name_cmp(cnf->name, "CPS")) {
353	if (!pol->qualifiers)
354	pol->qualifiers = sk_POLICYQUALINFO_new_null();
355	if (!(qual = POLICYQUALINFO_new()))
356	goto merr;
357	if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
358	goto merr;
359	qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
360	qual->d.cpsuri = M_ASN1_IA5STRING_new();
361	if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
362	strlen(cnf->value)))
363	goto merr;
364	} else if (!name_cmp(cnf->name, "userNotice")) {
365	STACK_OF(CONF_VALUE) *unot;
366	if (*cnf->value != '@') {
367	X509V3err(X509V3_F_POLICY_SECTION,
368	X509V3_R_EXPECTED_A_SECTION_NAME);
369	X509V3_conf_err(cnf);
370	goto err;
371	}
372	unot = X509V3_get_section(ctx, cnf->value + 1);
373	if (!unot) {
374	X509V3err(X509V3_F_POLICY_SECTION,
375	X509V3_R_INVALID_SECTION);
376	X509V3_conf_err(cnf);
377	goto err;
378	}
379	qual = notice_section(ctx, unot, ia5org);
380	X509V3_section_free(ctx, unot);
381	if (!qual)
382	goto err;
383	if (!pol->qualifiers) pol->qualifiers =
384	sk_POLICYQUALINFO_new_null();
385	if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
386	goto merr;
387	} else {
388	X509V3err(X509V3_F_POLICY_SECTION,
389	X509V3_R_INVALID_OPTION);
390	X509V3_conf_err(cnf);
391	goto err;
392	}
393	}
394	if (!pol->policyid) {
395	X509V3err(X509V3_F_POLICY_SECTION,
396	X509V3_R_NO_POLICY_IDENTIFIER);
397	goto err;
398	}
399
400	return pol;
401
402	merr:
403	X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
404
405	err:
406	POLICYINFO_free(pol);
407	return NULL;
408	}
409
410	static POLICYQUALINFO *
411	notice_section(X509V3_CTX ctx, STACK_OF(CONF_VALUE) unot, int ia5org)
412	{
413	int i, ret;
414	CONF_VALUE *cnf;
415	USERNOTICE *not;
416	POLICYQUALINFO *qual;
417
418	if (!(qual = POLICYQUALINFO_new()))
419	goto merr;
420	qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
421	if (!(not = USERNOTICE_new()))
422	goto merr;
423	qual->d.usernotice = not;
424	for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
425	cnf = sk_CONF_VALUE_value(unot, i);
426	if (!strcmp(cnf->name, "explicitText")) {
427	if (not->exptext == NULL) {
428	not->exptext = M_ASN1_VISIBLESTRING_new();
429	if (not->exptext == NULL)
430	goto merr;
431	}
432	if (!ASN1_STRING_set(not->exptext, cnf->value,
433	strlen(cnf->value)))
434	goto merr;
435	} else if (!strcmp(cnf->name, "organization")) {
436	NOTICEREF *nref;
437	if (!not->noticeref) {
438	if (!(nref = NOTICEREF_new()))
439	goto merr;
440	not->noticeref = nref;
441	} else
442	nref = not->noticeref;
443	if (ia5org)
444	nref->organization->type = V_ASN1_IA5STRING;
445	else
446	nref->organization->type = V_ASN1_VISIBLESTRING;
447	if (!ASN1_STRING_set(nref->organization, cnf->value,
448	strlen(cnf->value)))
449	goto merr;
450	} else if (!strcmp(cnf->name, "noticeNumbers")) {
451	NOTICEREF *nref;
452	STACK_OF(CONF_VALUE) *nos;
453	if (!not->noticeref) {
454	if (!(nref = NOTICEREF_new()))
455	goto merr;
456	not->noticeref = nref;
457	} else
458	nref = not->noticeref;
459	nos = X509V3_parse_list(cnf->value);
460	if (!nos \|\| !sk_CONF_VALUE_num(nos)) {
461	X509V3err(X509V3_F_NOTICE_SECTION,
462	X509V3_R_INVALID_NUMBERS);
463	X509V3_conf_err(cnf);
464	if (nos != NULL)
465	sk_CONF_VALUE_pop_free(nos,
466	X509V3_conf_free);
467	goto err;
468	}
469	ret = nref_nos(nref->noticenos, nos);
470	sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
471	if (!ret)
472	goto err;
473	} else {
474	X509V3err(X509V3_F_NOTICE_SECTION,
475	X509V3_R_INVALID_OPTION);
476	X509V3_conf_err(cnf);
477	goto err;
478	}
479	}
480
481	if (not->noticeref &&
482	(!not->noticeref->noticenos \|\| !not->noticeref->organization)) {
483	X509V3err(X509V3_F_NOTICE_SECTION,
484	X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
485	goto err;
486	}
487
488	return qual;
489
490	merr:
491	X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
492
493	err:
494	POLICYQUALINFO_free(qual);
495	return NULL;
496	}
497
498	static int
499	nref_nos(STACK_OF(ASN1_INTEGER) nnums, STACK_OF(CONF_VALUE) nos)
500	{
501	CONF_VALUE *cnf;
502	ASN1_INTEGER *aint;
503	int i;
504
505	for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
506	cnf = sk_CONF_VALUE_value(nos, i);
507	if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
508	X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
509	goto err;
510	}
511	if (!sk_ASN1_INTEGER_push(nnums, aint))
512	goto merr;
513	}
514	return 1;
515
516	merr:
517	X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
518
519	err:
520	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
521	return 0;
522	}
523
524	static int
525	i2r_certpol(X509V3_EXT_METHOD method, STACK_OF(POLICYINFO) pol, BIO *out,
526	int indent)
527	{
528	int i;
529	POLICYINFO *pinfo;
530
531	/* First print out the policy OIDs */
532	for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
533	pinfo = sk_POLICYINFO_value(pol, i);
534	BIO_printf(out, "%*sPolicy: ", indent, "");
535	i2a_ASN1_OBJECT(out, pinfo->policyid);
536	BIO_puts(out, "\n");
537	if (pinfo->qualifiers)
538	print_qualifiers(out, pinfo->qualifiers, indent + 2);
539	}
540	return 1;
541	}
542
543	static void
544	print_qualifiers(BIO out, STACK_OF(POLICYQUALINFO) quals, int indent)
545	{
546	POLICYQUALINFO *qualinfo;
547	int i;
548
549	for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
550	qualinfo = sk_POLICYQUALINFO_value(quals, i);
551	switch (OBJ_obj2nid(qualinfo->pqualid)) {
552	case NID_id_qt_cps:
553	BIO_printf(out, "%*sCPS: %s\n", indent, "",
554	qualinfo->d.cpsuri->data);
555	break;
556
557	case NID_id_qt_unotice:
558	BIO_printf(out, "%*sUser Notice:\n", indent, "");
559	print_notice(out, qualinfo->d.usernotice, indent + 2);
560	break;
561
562	default:
563	BIO_printf(out, "%*sUnknown Qualifier: ",
564	indent + 2, "");
565
566	i2a_ASN1_OBJECT(out, qualinfo->pqualid);
567	BIO_puts(out, "\n");
568	break;
569	}
570	}
571	}
572
573	static void
574	print_notice(BIO out, USERNOTICE notice, int indent)
575	{
576	int i;
577
578	if (notice->noticeref) {
579	NOTICEREF *ref;
580	ref = notice->noticeref;
581	BIO_printf(out, "%*sOrganization: %s\n", indent, "",
582	ref->organization->data);
583	BIO_printf(out, "%*sNumber%s: ", indent, "",
584	sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
585	for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
586	ASN1_INTEGER *num;
587	char *tmp;
588	num = sk_ASN1_INTEGER_value(ref->noticenos, i);
589	if (i)
590	BIO_puts(out, ", ");
591	tmp = i2s_ASN1_INTEGER(NULL, num);
592	BIO_puts(out, tmp);
593	free(tmp);
594	}
595	BIO_puts(out, "\n");
596	}
597	if (notice->exptext)
598	BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
599	notice->exptext->data);
600	}
601
602	void
603	X509_POLICY_NODE_print(BIO out, X509_POLICY_NODE node, int indent)
604	{
605	const X509_POLICY_DATA *dat = node->data;
606
607	BIO_printf(out, "%*sPolicy: ", indent, "");
608
609	i2a_ASN1_OBJECT(out, dat->valid_policy);
610	BIO_puts(out, "\n");
611	BIO_printf(out, "%*s%s\n", indent + 2, "",
612	node_data_critical(dat) ? "Critical" : "Non Critical");
613	if (dat->qualifier_set)
614	print_qualifiers(out, dat->qualifier_set, indent + 2);
615	else
616	BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
617	}