提交
090d848e
编写于
9月 18, 1999
作者:
Dr. Stephen Henson
Various CRL enhancements tidies and workaround for broken CRLs.
上级
9a0f732d
变更
3
Showing
3 changed file
with
88 addition
and
17 deletion
+88
-17
CHANGES
CHANGES
+8
-0
apps/crl.c
apps/crl.c
+71
-5
crypto/asn1/x_crl.c
crypto/asn1/x_crl.c
+9
-12
CHANGES
...
...
@@ -4,6 +4,14 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) Add new -verify -CAfile and -CApath options to the crl program, these
will lookup a CRL issuers certificate and verify the signature in a
similar way to the verify program. Tidy up the crl program so it
no longer acesses structures directly. Make the ASN1 CRL parsing a bit
less strict. It will now permit CRL extensions even if it is not
a V2 CRL: this will allow it to tolerate some broken CRLs.
[Steve Henson]
*) Initialize all non-automatic variables each time one of the openssl
sub-programs is started (this is necessary as they may be started
multiple times from the "OpenSSL>" prompt).
...
...
apps/crl.c
...
...
@@ -85,6 +85,8 @@ static char *crl_usage[]={
" -lastupdate - lastUpdate field
\n
"
,
" -nextupdate - nextUpdate field
\n
"
,
" -noout - no CRL output
\n
"
,
" -CAfile name - verify CRL using certificates in file
\"
name
\"\n
"
,
" -CApath dir - verify CRL using certificates in
\"
dir
\"\n
"
,
NULL
};
...
...
@@ -94,12 +96,19 @@ static BIO *bio_out=NULL;
int
MAIN
(
int
argc
,
char
**
argv
)
{
X509_CRL
*
x
=
NULL
;
char
*
CAfile
=
NULL
,
*
CApath
=
NULL
;
int
ret
=
1
,
i
,
num
,
badops
=
0
;
BIO
*
out
=
NULL
;
int
informat
,
outformat
;
char
*
infile
=
NULL
,
*
outfile
=
NULL
;
int
hash
=
0
,
issuer
=
0
,
lastupdate
=
0
,
nextupdate
=
0
,
noout
=
0
,
text
=
0
;
char
**
pp
,
buf
[
256
];
X509_STORE
*
store
=
NULL
;
X509_STORE_CTX
ctx
;
X509_LOOKUP
*
lookup
=
NULL
;
X509_OBJECT
xobj
;
EVP_PKEY
*
pkey
;
int
do_ver
=
0
;
apps_startup
();
...
...
@@ -146,6 +155,20 @@ int MAIN(int argc, char **argv)
if
(
--
argc
<
1
)
goto
bad
;
outfile
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-CApath"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
CApath
=
*
(
++
argv
);
do_ver
=
1
;
}
else
if
(
strcmp
(
*
argv
,
"-CAfile"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
CAfile
=
*
(
++
argv
);
do_ver
=
1
;
}
else
if
(
strcmp
(
*
argv
,
"-verify"
)
==
0
)
do_ver
=
1
;
else
if
(
strcmp
(
*
argv
,
"-text"
)
==
0
)
text
=
1
;
else
if
(
strcmp
(
*
argv
,
"-hash"
)
==
0
)
...
...
@@ -181,32 +204,71 @@ bad:
x
=
load_crl
(
infile
,
informat
);
if
(
x
==
NULL
)
{
goto
end
;
}
if
(
do_ver
)
{
store
=
X509_STORE_new
();
lookup
=
X509_STORE_add_lookup
(
store
,
X509_LOOKUP_file
());
if
(
lookup
==
NULL
)
goto
end
;
if
(
!
X509_LOOKUP_load_file
(
lookup
,
CAfile
,
X509_FILETYPE_PEM
))
X509_LOOKUP_load_file
(
lookup
,
NULL
,
X509_FILETYPE_DEFAULT
);
lookup
=
X509_STORE_add_lookup
(
store
,
X509_LOOKUP_hash_dir
());
if
(
lookup
==
NULL
)
goto
end
;
if
(
!
X509_LOOKUP_add_dir
(
lookup
,
CApath
,
X509_FILETYPE_PEM
))
X509_LOOKUP_add_dir
(
lookup
,
NULL
,
X509_FILETYPE_DEFAULT
);
ERR_clear_error
();
X509_STORE_CTX_init
(
&
ctx
,
store
,
NULL
,
NULL
);
i
=
X509_STORE_get_by_subject
(
&
ctx
,
X509_LU_X509
,
X509_CRL_get_issuer
(
x
),
&
xobj
);
if
(
i
<=
0
)
{
BIO_printf
(
bio_err
,
"Error getting CRL issuer certificate
\n
"
);
goto
end
;
}
pkey
=
X509_get_pubkey
(
xobj
.
data
.
x509
);
X509_OBJECT_free_contents
(
&
xobj
);
if
(
!
pkey
)
{
BIO_printf
(
bio_err
,
"Error getting CRL issuer public key
\n
"
);
goto
end
;
}
i
=
X509_CRL_verify
(
x
,
pkey
);
EVP_PKEY_free
(
pkey
);
if
(
i
<
0
)
goto
end
;
if
(
i
==
0
)
BIO_printf
(
bio_err
,
"verify failure
\n
"
);
else
BIO_printf
(
bio_err
,
"verify OK
\n
"
);
}
if
(
num
)
{
for
(
i
=
1
;
i
<=
num
;
i
++
)
{
if
(
issuer
==
i
)
{
X509_NAME_oneline
(
x
->
crl
->
issuer
,
buf
,
256
);
X509_NAME_oneline
(
X509_CRL_get_issuer
(
x
),
buf
,
256
);
BIO_printf
(
bio_out
,
"issuer= %s
\n
"
,
buf
);
}
if
(
hash
==
i
)
{
BIO_printf
(
bio_out
,
"%08lx
\n
"
,
X509_NAME_hash
(
x
->
crl
->
issuer
));
X509_NAME_hash
(
X509_CRL_get_issuer
(
x
)
));
}
if
(
lastupdate
==
i
)
{
BIO_printf
(
bio_out
,
"lastUpdate="
);
ASN1_TIME_print
(
bio_out
,
x
->
crl
->
lastUpdate
);
ASN1_TIME_print
(
bio_out
,
X509_CRL_get_lastUpdate
(
x
));
BIO_printf
(
bio_out
,
"
\n
"
);
}
if
(
nextupdate
==
i
)
{
BIO_printf
(
bio_out
,
"nextUpdate="
);
if
(
x
->
crl
->
nextUpdate
!=
NULL
)
ASN1_TIME_print
(
bio_out
,
x
->
crl
->
nextUpdate
);
if
(
X509_CRL_get_nextUpdate
(
x
))
ASN1_TIME_print
(
bio_out
,
X509_CRL_get_nextUpdate
(
x
));
else
BIO_printf
(
bio_out
,
"NONE"
);
BIO_printf
(
bio_out
,
"
\n
"
);
...
...
@@ -252,6 +314,10 @@ end:
BIO_free
(
bio_out
);
bio_out
=
NULL
;
X509_CRL_free
(
x
);
if
(
store
)
{
X509_STORE_CTX_cleanup
(
&
ctx
);
X509_STORE_free
(
store
);
}
X509V3_EXT_cleanup
();
EXIT
(
ret
);
}
...
...
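Review bot: The cleanup added at `end:` calls `X509_STORE_CTX_cleanup(&ctx)` whenever `store` is non-NULL, but both `if (lookup == NULL) goto end;` exits in the new `do_ver` block are taken before `X509_STORE_CTX_init(&ctx, store, NULL, NULL)`, so on those paths the cleanup runs on an uninitialised stack `X509_STORE_CTX`. Track initialisation explicitly, for example `int ctx_inited = 0;`, set it right after `X509_STORE_CTX_init`, and guard the cleanup with `if (ctx_inited) X509_STORE_CTX_cleanup(&ctx);`. The result of `X509_STORE_new()` is also passed to `X509_STORE_add_lookup` without a NULL check. Separately, the `i == 0` branch only prints `verify failure` and falls through to the normal output path, and `i < 0` exits without any message. If `ret` is set to 0 later in MAIN (that part lies between the hunks and is not shown), a script calling `crl -verify` cannot tell a bad signature from a good one by exit status, so consider `goto end` on `i == 0` as well.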
crypto/asn1/x_crl.c
...
...
@@ -190,20 +190,17 @@ X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, unsigned char **pp,
}
}
if
(
ver
>=
1
)
if
(
ret
->
extensions
!=
NULL
)
{
if
(
ret
->
extensions
!=
NULL
)
{
while
(
sk_X509_EXTENSION_num
(
ret
->
extensions
))
X509_EXTENSION_free
(
sk_X509_EXTENSION_pop
(
ret
->
extensions
));
}
M_ASN1_D2I_get_EXP_set_opt_type
(
X509_EXTENSION
,
ret
->
extensions
,
d2i_X509_EXTENSION
,
X509_EXTENSION_free
,
0
,
V_ASN1_SEQUENCE
);
while
(
sk_X509_EXTENSION_num
(
ret
->
extensions
))
X509_EXTENSION_free
(
sk_X509_EXTENSION_pop
(
ret
->
extensions
));
}
M_ASN1_D2I_get_EXP_set_opt_type
(
X509_EXTENSION
,
ret
->
extensions
,
d2i_X509_EXTENSION
,
X509_EXTENSION_free
,
0
,
V_ASN1_SEQUENCE
);
M_ASN1_D2I_Finish
(
a
,
X509_CRL_INFO_free
,
ASN1_F_D2I_X509_CRL_INFO
);
}
...
...
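Review bot: Dropping the `if (ver >= 1)` guard makes `M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION, ret->extensions, ...)` run for every CRL, but nothing at this site records that the leniency is deliberate. A later reader could mistake it for a missing check, or could assume elsewhere that extensions imply a V2 CRL. I would add a comment above the extensions block such as `/* Extensions are parsed regardless of version so that broken V1 CRLs carrying them are tolerated; callers must not infer V2 from their presence. */`. Code that decides whether to honour extensions (critical ones in particular) based on the version field should be checked against this change, since that code is not visible in this hunk. The body of `d2i_X509_CRL_INFO` begins outside the hunk.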