提交
068fdce8
编写于
3月 07, 2000
作者:
Dr. Stephen Henson
New compatability trust and purpose settings.
上级
fa0ca35b
变更
6
Showing
6 changed file
with
45 addition
and
15 deletion
+45
-15
CHANGES
CHANGES
+12
-0
crypto/x509/x509.h
crypto/x509/x509.h
+3
-1
crypto/x509/x509_trs.c
crypto/x509/x509_trs.c
+9
-8
crypto/x509/x509_vfy.c
crypto/x509/x509_vfy.c
+11
-4
crypto/x509v3/v3_purp.c
crypto/x509v3/v3_purp.c
+8
-1
crypto/x509v3/x509v3.h
crypto/x509v3/x509v3.h
+2
-1
CHANGES
...
...
@@ -4,6 +4,18 @@
Changes between 0.9.5 and 0.9.5a [XX XXX 2000]
*) Add compatability options to the purpose and trust code. The
purpose X509_PURPOSE_ANY is "any purpose" which automatically
accepts a certificate or CA, this was the previous behaviour,
with all the associated security issues.
X509_TRUST_COMPAT is the old trust behaviour: only and
automatically trust self signed roots in certificate store. A
new trust setting X509_TRUST_DEFAULT is used to specify that
a purpose has no associated trust setting and it should instead
use the value in the default purpose.
[Steve Henson]
*) Fix the PKCS#8 DSA private key code so it decodes keys again
and fix a memory leak.
[Steve Henson]
...
...
crypto/x509/x509.h
...
...
@@ -284,7 +284,9 @@ DECLARE_STACK_OF(X509_TRUST)
/* standard trust ids */
#define X509_TRUST_ANY 1
#define X509_TRUST_DEFAULT -1
/* Only valid in purpose settings */
#define X509_TRUST_COMPAT 1
#define X509_TRUST_SSL_CLIENT 2
#define X509_TRUST_SSL_SERVER 3
#define X509_TRUST_EMAIL 4
...
...
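Review bot: Value 1 changes meaning here without any marker in the header: it was `X509_TRUST_ANY` and is now `X509_TRUST_COMPAT`, so code built against the old name stops compiling and any stored id 1 now selects the self-signed-roots-only check described in CHANGES. A comment above the define, such as `/* was X509_TRUST_ANY; now trusts only self signed roots */`, would make that visible to callers of this header. As a style point, `X509_TRUST_DEFAULT` is a bare negative literal; the usual convention is to parenthesise it, `#define X509_TRUST_DEFAULT (-1)`.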
crypto/x509/x509_trs.c
...
...
@@ -65,7 +65,7 @@ static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
static
void
trtable_free
(
X509_TRUST
*
p
);
static
int
trust_1oidany
(
X509_TRUST
*
trust
,
X509
*
x
,
int
flags
);
static
int
trust_
any
(
X509_TRUST
*
trust
,
X509
*
x
,
int
flags
);
static
int
trust_
compat
(
X509_TRUST
*
trust
,
X509
*
x
,
int
flags
);
static
int
obj_trust
(
int
id
,
X509
*
x
,
int
flags
);
static
int
(
*
default_trust
)(
int
id
,
X509
*
x
,
int
flags
)
=
obj_trust
;
...
...
@@ -76,7 +76,7 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
*/
static
X509_TRUST
trstandard
[]
=
{
{
X509_TRUST_
ANY
,
0
,
trust_any
,
"Any
"
,
0
,
NULL
},
{
X509_TRUST_
COMPAT
,
0
,
trust_compat
,
"compatible
"
,
0
,
NULL
},
{
X509_TRUST_SSL_CLIENT
,
0
,
trust_1oidany
,
"SSL Client"
,
NID_client_auth
,
NULL
},
{
X509_TRUST_SSL_SERVER
,
0
,
trust_1oidany
,
"SSL Client"
,
NID_server_auth
,
NULL
},
{
X509_TRUST_EMAIL
,
0
,
trust_1oidany
,
"S/MIME email"
,
NID_email_protect
,
NULL
},
...
...
@@ -107,8 +107,8 @@ int X509_check_trust(X509 *x, int id, int flags)
X509_TRUST
*
pt
;
int
idx
;
if
(
id
==
-
1
)
return
1
;
i
f
(
!
(
idx
=
X509_TRUST_get_by_id
(
id
)))
return
default_trust
(
id
,
x
,
flags
);
i
dx
=
X509_TRUST_get_by_id
(
id
);
if
(
idx
==
-
1
)
return
default_trust
(
id
,
x
,
flags
);
pt
=
X509_TRUST_get0
(
idx
);
return
pt
->
check_trust
(
pt
,
x
,
flags
);
}
...
...
@@ -230,6 +230,11 @@ static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
/* we don't have any trust settings: for compatibility
* we return trusted if it is self signed
*/
return
trust_compat
(
trust
,
x
,
flags
);
}
static
int
trust_compat
(
X509_TRUST
*
trust
,
X509
*
x
,
int
flags
)
{
X509_check_purpose
(
x
,
-
1
,
0
);
if
(
x
->
ex_flags
&
EXFLAG_SS
)
return
X509_TRUST_TRUSTED
;
else
return
X509_TRUST_UNTRUSTED
;
...
...
@@ -257,7 +262,3 @@ static int obj_trust(int id, X509 *x, int flags)
return
X509_TRUST_UNTRUSTED
;
}
static
int
trust_any
(
X509_TRUST
*
trust
,
X509
*
x
,
int
flags
)
{
return
X509_TRUST_TRUSTED
;
}
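Review bot: `X509_check_trust` still opens with `if(id == -1) return 1;`, and this commit makes -1 the value of `X509_TRUST_DEFAULT`, so an unresolved default trust id that reaches this function returns 1 (presumably the trusted result) before any table lookup. If the short-circuit is meant only for "no trust setting requested", say so with a comment such as `/* -1: no trust check requested; X509_TRUST_DEFAULT must be resolved by the caller before this point */`, or give the two meanings distinct values. Separately, the `X509_TRUST_SSL_SERVER` row of `trstandard` is named `"SSL Client"`, which looks like a copy of the row above; `"SSL Server"` is the likely intent. `trust_compat` ignores its `trust` and `flags` arguments and decides on `EXFLAG_SS` alone, which deserves a one-line comment. The bodies of `X509_check_trust` and `trust_1oidany` start outside the visible hunks.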
crypto/x509/x509_vfy.c
...
...
@@ -771,18 +771,25 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
if
(
!
purpose
)
purpose
=
def_purpose
;
/* If we have a purpose then check it is valid */
if
(
purpose
)
{
X509_PURPOSE
*
ptmp
;
idx
=
X509_PURPOSE_get_by_id
(
purpose
);
if
(
idx
==
-
1
)
{
X509err
(
X509_F_X509_STORE_CTX_PURPOSE_INHERIT
,
X509_R_UNKNOWN_PURPOSE_ID
);
return
0
;
}
/* If trust not set then get from purpose default */
if
(
!
trust
)
{
X509_PURPOSE
*
ptmp
;
ptmp
=
X509_PURPOSE_get0
(
idx
);
if
(
ptmp
->
trust
==
X509_TRUST_DEFAULT
)
{
idx
=
X509_PURPOSE_get_by_id
(
def_purpose
);
if
(
idx
==
-
1
)
{
X509err
(
X509_F_X509_STORE_CTX_PURPOSE_INHERIT
,
X509_R_UNKNOWN_PURPOSE_ID
);
return
0
;
}
ptmp
=
X509_PURPOSE_get0
(
idx
);
trust
=
ptmp
->
trust
;
}
/* If trust not set then get from purpose default */
if
(
!
trust
)
trust
=
ptmp
->
trust
;
}
if
(
trust
)
{
idx
=
X509_TRUST_get_by_id
(
trust
);
...
...
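Review bot: The new `X509_TRUST_DEFAULT` branch looks up `def_purpose` without checking that the purpose it finds carries a concrete trust id. If `def_purpose` is itself `X509_PURPOSE_ANY` (or any other purpose whose trust is `X509_TRUST_DEFAULT`) and the caller passed no `trust`, then `trust = ptmp->trust` assigns -1 and that value flows into the `if(trust)` block that follows; how `X509_TRUST_get_by_id` treats -1 is outside this hunk. Rejecting the case right after the second `X509_PURPOSE_get0(idx)` keeps the sentinel out of the verification context: `if(ptmp->trust == X509_TRUST_DEFAULT) { X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, X509_R_UNKNOWN_PURPOSE_ID); return 0; }`. The second lookup also reuses `X509_R_UNKNOWN_PURPOSE_ID`, so the error does not say whether `purpose` or `def_purpose` was the bad id. The function starts and ends outside the hunk.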
crypto/x509v3/v3_purp.c
...
...
@@ -71,6 +71,7 @@ static int purpose_smime(X509 *x, int ca);
static
int
check_purpose_smime_sign
(
X509_PURPOSE
*
xp
,
X509
*
x
,
int
ca
);
static
int
check_purpose_smime_encrypt
(
X509_PURPOSE
*
xp
,
X509
*
x
,
int
ca
);
static
int
check_purpose_crl_sign
(
X509_PURPOSE
*
xp
,
X509
*
x
,
int
ca
);
static
int
no_check
(
X509_PURPOSE
*
xp
,
X509
*
x
,
int
ca
);
static
int
xp_cmp
(
X509_PURPOSE
**
a
,
X509_PURPOSE
**
b
);
static
void
xptable_free
(
X509_PURPOSE
*
p
);
...
...
@@ -81,7 +82,8 @@ static X509_PURPOSE xstandard[] = {
{
X509_PURPOSE_NS_SSL_SERVER
,
X509_TRUST_SSL_SERVER
,
0
,
check_purpose_ns_ssl_server
,
"Netscape SSL server"
,
"nssslserver"
,
NULL
},
{
X509_PURPOSE_SMIME_SIGN
,
X509_TRUST_EMAIL
,
0
,
check_purpose_smime_sign
,
"S/MIME signing"
,
"smimesign"
,
NULL
},
{
X509_PURPOSE_SMIME_ENCRYPT
,
X509_TRUST_EMAIL
,
0
,
check_purpose_smime_encrypt
,
"S/MIME encryption"
,
"smimeencrypt"
,
NULL
},
{
X509_PURPOSE_CRL_SIGN
,
X509_TRUST_ANY
,
0
,
check_purpose_crl_sign
,
"CRL signing"
,
"crlsign"
,
NULL
},
{
X509_PURPOSE_CRL_SIGN
,
X509_TRUST_COMPAT
,
0
,
check_purpose_crl_sign
,
"CRL signing"
,
"crlsign"
,
NULL
},
{
X509_PURPOSE_ANY
,
X509_TRUST_DEFAULT
,
0
,
no_check
,
"Any Purpose"
,
"any"
,
NULL
},
};
#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
...
...
@@ -454,3 +456,8 @@ static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca)
if
(
ku_reject
(
x
,
KU_CRL_SIGN
))
return
0
;
return
1
;
}
static
int
no_check
(
X509_PURPOSE
*
xp
,
X509
*
x
,
int
ca
)
{
return
1
;
}
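Review bot: `no_check` returns 1 for every certificate and ignores `ca`, so under `X509_PURPOSE_ANY` it reports success for the CA query as well as the end-entity query, yet neither the function nor its `xstandard` row carries a comment saying so. CHANGES describes this as the previous behaviour "with all the associated security issues", but that warning is not visible where the purpose is defined or selected. Add something like `/* Compatibility only: accepts any certificate, end entity or CA, with no purpose checks */` above `no_check` and next to the `X509_PURPOSE_ANY` table row. The `xstandard` initialiser begins outside the hunk.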
crypto/x509v3/x509v3.h
...
...
@@ -344,9 +344,10 @@ typedef struct x509_purpose_st {
#define X509_PURPOSE_SMIME_SIGN 4
#define X509_PURPOSE_SMIME_ENCRYPT 5
#define X509_PURPOSE_CRL_SIGN 6
#define X509_PURPOSE_ANY 7
#define X509_PURPOSE_MIN 1
#define X509_PURPOSE_MAX
6
#define X509_PURPOSE_MAX
7
DECLARE_STACK_OF
(
X509_PURPOSE
)
...
...