diff options
author | beck <> | 2001-06-22 00:03:44 +0000 |
---|---|---|
committer | beck <> | 2001-06-22 00:03:44 +0000 |
commit | 38b6ff9e5294811c57541ad47940f8f8f41dc114 (patch) | |
tree | 402699541cee3cf3f2943b0384dbda7de534de70 /src/lib/libcrypto/x509v3 | |
parent | afae624d63e4e717c5bae8c7842a4712309f728f (diff) | |
download | openbsd-38b6ff9e5294811c57541ad47940f8f8f41dc114.tar.gz openbsd-38b6ff9e5294811c57541ad47940f8f8f41dc114.tar.bz2 openbsd-38b6ff9e5294811c57541ad47940f8f8f41dc114.zip |
openssl-engine-0.9.6a merge
Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r-- | src/lib/libcrypto/x509v3/Makefile.ssl | 3 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/v3_alt.c | 2 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/v3_prn.c | 26 | ||||
-rw-r--r-- | src/lib/libcrypto/x509v3/v3_purp.c | 6 |
4 files changed, 27 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509v3/Makefile.ssl b/src/lib/libcrypto/x509v3/Makefile.ssl index f7c3a6ca13..236e13af4e 100644 --- a/src/lib/libcrypto/x509v3/Makefile.ssl +++ b/src/lib/libcrypto/x509v3/Makefile.ssl | |||
@@ -43,7 +43,8 @@ all: lib | |||
43 | 43 | ||
44 | lib: $(LIBOBJ) | 44 | lib: $(LIBOBJ) |
45 | $(AR) $(LIB) $(LIBOBJ) | 45 | $(AR) $(LIB) $(LIBOBJ) |
46 | $(RANLIB) $(LIB) | 46 | @echo You may get an error following this line. Please ignore. |
47 | - $(RANLIB) $(LIB) | ||
47 | @touch lib | 48 | @touch lib |
48 | 49 | ||
49 | files: | 50 | files: |
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c index 733919f250..94bebcd448 100644 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ b/src/lib/libcrypto/x509v3/v3_alt.c | |||
@@ -270,7 +270,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) | |||
270 | /* Now add any email address(es) to STACK */ | 270 | /* Now add any email address(es) to STACK */ |
271 | i = -1; | 271 | i = -1; |
272 | while((i = X509_NAME_get_index_by_NID(nm, | 272 | while((i = X509_NAME_get_index_by_NID(nm, |
273 | NID_pkcs9_emailAddress, i)) > 0) { | 273 | NID_pkcs9_emailAddress, i)) >= 0) { |
274 | ne = X509_NAME_get_entry(nm, i); | 274 | ne = X509_NAME_get_entry(nm, i); |
275 | email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); | 275 | email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); |
276 | if(!email || !(gen = GENERAL_NAME_new())) { | 276 | if(!email || !(gen = GENERAL_NAME_new())) { |
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c index dbc4fb1f16..14b804c4ad 100644 --- a/src/lib/libcrypto/x509v3/v3_prn.c +++ b/src/lib/libcrypto/x509v3/v3_prn.c | |||
@@ -85,9 +85,16 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) | |||
85 | else BIO_printf(out, "%s:%s", nval->name, nval->value); | 85 | else BIO_printf(out, "%s:%s", nval->name, nval->value); |
86 | #else | 86 | #else |
87 | else { | 87 | else { |
88 | char tmp[10240]; /* 10k is BIO_printf's limit anyway */ | 88 | int len; |
89 | ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1); | 89 | char *tmp; |
90 | BIO_printf(out, "%s:%s", nval->name, tmp); | 90 | len = strlen(nval->value)+1; |
91 | tmp = OPENSSL_malloc(len); | ||
92 | if (tmp) | ||
93 | { | ||
94 | ascii2ebcdic(tmp, nval->value, len); | ||
95 | BIO_printf(out, "%s:%s", nval->name, tmp); | ||
96 | OPENSSL_free(tmp); | ||
97 | } | ||
91 | } | 98 | } |
92 | #endif | 99 | #endif |
93 | if(ml) BIO_puts(out, "\n"); | 100 | if(ml) BIO_puts(out, "\n"); |
@@ -115,9 +122,16 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent) | |||
115 | BIO_printf(out, "%*s%s", indent, "", value); | 122 | BIO_printf(out, "%*s%s", indent, "", value); |
116 | #else | 123 | #else |
117 | { | 124 | { |
118 | char tmp[10240]; /* 10k is BIO_printf's limit anyway */ | 125 | int len; |
119 | ascii2ebcdic(tmp, value, strlen(value)+1); | 126 | char *tmp; |
120 | BIO_printf(out, "%*s%s", indent, "", tmp); | 127 | len = strlen(value)+1; |
128 | tmp = OPENSSL_malloc(len); | ||
129 | if (tmp) | ||
130 | { | ||
131 | ascii2ebcdic(tmp, value, len); | ||
132 | BIO_printf(out, "%*s%s", indent, "", tmp); | ||
133 | OPENSSL_free(tmp); | ||
134 | } | ||
121 | } | 135 | } |
122 | #endif | 136 | #endif |
123 | } else if(method->i2v) { | 137 | } else if(method->i2v) { |
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c index 867699b26f..8aecd00e63 100644 --- a/src/lib/libcrypto/x509v3/v3_purp.c +++ b/src/lib/libcrypto/x509v3/v3_purp.c | |||
@@ -362,6 +362,8 @@ static int ca_check(const X509 *x) | |||
362 | else return 0; | 362 | else return 0; |
363 | } else { | 363 | } else { |
364 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; | 364 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; |
365 | /* If key usage present it must have certSign so tolerate it */ | ||
366 | else if (x->ex_flags & EXFLAG_KUSAGE) return 3; | ||
365 | else return 2; | 367 | else return 2; |
366 | } | 368 | } |
367 | } | 369 | } |
@@ -380,7 +382,7 @@ static int check_ssl_ca(const X509 *x) | |||
380 | if(ca_ret != 2) return ca_ret; | 382 | if(ca_ret != 2) return ca_ret; |
381 | else return 0; | 383 | else return 0; |
382 | } | 384 | } |
383 | 385 | ||
384 | 386 | ||
385 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) | 387 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) |
386 | { | 388 | { |
@@ -446,7 +448,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c | |||
446 | int ret; | 448 | int ret; |
447 | ret = purpose_smime(x, ca); | 449 | ret = purpose_smime(x, ca); |
448 | if(!ret || ca) return ret; | 450 | if(!ret || ca) return ret; |
449 | if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; | 451 | if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0; |
450 | return ret; | 452 | return ret; |
451 | } | 453 | } |
452 | 454 | ||