summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3
diff options
context:
space:
mode:
authorbeck <>2001-06-22 00:03:44 +0000
committerbeck <>2001-06-22 00:03:44 +0000
commit38b6ff9e5294811c57541ad47940f8f8f41dc114 (patch)
tree402699541cee3cf3f2943b0384dbda7de534de70 /src/lib/libcrypto/x509v3
parentafae624d63e4e717c5bae8c7842a4712309f728f (diff)
downloadopenbsd-38b6ff9e5294811c57541ad47940f8f8f41dc114.tar.gz
openbsd-38b6ff9e5294811c57541ad47940f8f8f41dc114.tar.bz2
openbsd-38b6ff9e5294811c57541ad47940f8f8f41dc114.zip
openssl-engine-0.9.6a merge
Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r--src/lib/libcrypto/x509v3/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c26
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c6
4 files changed, 27 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509v3/Makefile.ssl b/src/lib/libcrypto/x509v3/Makefile.ssl
index f7c3a6ca13..236e13af4e 100644
--- a/src/lib/libcrypto/x509v3/Makefile.ssl
+++ b/src/lib/libcrypto/x509v3/Makefile.ssl
@@ -43,7 +43,8 @@ all: lib
43 43
44lib: $(LIBOBJ) 44lib: $(LIBOBJ)
45 $(AR) $(LIB) $(LIBOBJ) 45 $(AR) $(LIB) $(LIBOBJ)
46 $(RANLIB) $(LIB) 46 @echo You may get an error following this line. Please ignore.
47 - $(RANLIB) $(LIB)
47 @touch lib 48 @touch lib
48 49
49files: 50files:
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 733919f250..94bebcd448 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -270,7 +270,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
270 /* Now add any email address(es) to STACK */ 270 /* Now add any email address(es) to STACK */
271 i = -1; 271 i = -1;
272 while((i = X509_NAME_get_index_by_NID(nm, 272 while((i = X509_NAME_get_index_by_NID(nm,
273 NID_pkcs9_emailAddress, i)) > 0) { 273 NID_pkcs9_emailAddress, i)) >= 0) {
274 ne = X509_NAME_get_entry(nm, i); 274 ne = X509_NAME_get_entry(nm, i);
275 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); 275 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
276 if(!email || !(gen = GENERAL_NAME_new())) { 276 if(!email || !(gen = GENERAL_NAME_new())) {
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
index dbc4fb1f16..14b804c4ad 100644
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -85,9 +85,16 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
85 else BIO_printf(out, "%s:%s", nval->name, nval->value); 85 else BIO_printf(out, "%s:%s", nval->name, nval->value);
86#else 86#else
87 else { 87 else {
88 char tmp[10240]; /* 10k is BIO_printf's limit anyway */ 88 int len;
89 ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1); 89 char *tmp;
90 BIO_printf(out, "%s:%s", nval->name, tmp); 90 len = strlen(nval->value)+1;
91 tmp = OPENSSL_malloc(len);
92 if (tmp)
93 {
94 ascii2ebcdic(tmp, nval->value, len);
95 BIO_printf(out, "%s:%s", nval->name, tmp);
96 OPENSSL_free(tmp);
97 }
91 } 98 }
92#endif 99#endif
93 if(ml) BIO_puts(out, "\n"); 100 if(ml) BIO_puts(out, "\n");
@@ -115,9 +122,16 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
115 BIO_printf(out, "%*s%s", indent, "", value); 122 BIO_printf(out, "%*s%s", indent, "", value);
116#else 123#else
117 { 124 {
118 char tmp[10240]; /* 10k is BIO_printf's limit anyway */ 125 int len;
119 ascii2ebcdic(tmp, value, strlen(value)+1); 126 char *tmp;
120 BIO_printf(out, "%*s%s", indent, "", tmp); 127 len = strlen(value)+1;
128 tmp = OPENSSL_malloc(len);
129 if (tmp)
130 {
131 ascii2ebcdic(tmp, value, len);
132 BIO_printf(out, "%*s%s", indent, "", tmp);
133 OPENSSL_free(tmp);
134 }
121 } 135 }
122#endif 136#endif
123 } else if(method->i2v) { 137 } else if(method->i2v) {
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index 867699b26f..8aecd00e63 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -362,6 +362,8 @@ static int ca_check(const X509 *x)
362 else return 0; 362 else return 0;
363 } else { 363 } else {
364 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; 364 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
365 /* If key usage present it must have certSign so tolerate it */
366 else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
365 else return 2; 367 else return 2;
366 } 368 }
367} 369}
@@ -380,7 +382,7 @@ static int check_ssl_ca(const X509 *x)
380 if(ca_ret != 2) return ca_ret; 382 if(ca_ret != 2) return ca_ret;
381 else return 0; 383 else return 0;
382} 384}
383 385
384 386
385static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) 387static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
386{ 388{
@@ -446,7 +448,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c
446 int ret; 448 int ret;
447 ret = purpose_smime(x, ca); 449 ret = purpose_smime(x, ca);
448 if(!ret || ca) return ret; 450 if(!ret || ca) return ret;
449 if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; 451 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
450 return ret; 452 return ret;
451} 453}
452 454