提交 68c12bfc 编写于 作者: D Dr. Stephen Henson

Add X509_get0_serialNumber() and constify OCSP_cert_to_id()

Reviewed-by: Matt Caswell <matt@openssl.org>
上级 11222483
...@@ -19,16 +19,17 @@ ...@@ -19,16 +19,17 @@
/* Convert a certificate and its issuer to an OCSP_CERTID */ /* Convert a certificate and its issuer to an OCSP_CERTID */
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
const X509 *issuer)
{ {
X509_NAME *iname; X509_NAME *iname;
ASN1_INTEGER *serial; const ASN1_INTEGER *serial;
ASN1_BIT_STRING *ikey; ASN1_BIT_STRING *ikey;
if (!dgst) if (!dgst)
dgst = EVP_sha1(); dgst = EVP_sha1();
if (subject) { if (subject) {
iname = X509_get_issuer_name(subject); iname = X509_get_issuer_name(subject);
serial = X509_get_serialNumber(subject); serial = X509_get0_serialNumber(subject);
} else { } else {
iname = X509_get_subject_name(issuer); iname = X509_get_subject_name(issuer);
serial = NULL; serial = NULL;
...@@ -38,9 +39,9 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) ...@@ -38,9 +39,9 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
} }
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
X509_NAME *issuerName, const X509_NAME *issuerName,
ASN1_BIT_STRING *issuerKey, const ASN1_BIT_STRING *issuerKey,
ASN1_INTEGER *serialNumber) const ASN1_INTEGER *serialNumber)
{ {
int nid; int nid;
unsigned int i; unsigned int i;
......
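Review bot: In OCSP_cert_to_id the `else` branch passes `issuer` to `X509_get_subject_name()` whenever `subject` is NULL, and nothing visible in this hunk checks `issuer` first. If that accessor dereferences its argument the way `X509_get0_serialNumber()` does in this commit, a call with both pointers NULL crashes rather than returning NULL. A guard such as `if (issuer == NULL) return NULL;` before the branch would make the failure explicit. The rest of the body lies outside the hunk, so confirm it is not already handled there. As a style point, `iname` and `ikey` could also be declared `const`, since `OCSP_cert_id_new()` now takes `const X509_NAME *` and `const ASN1_BIT_STRING *`.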
...@@ -107,6 +107,11 @@ ASN1_INTEGER *X509_get_serialNumber(X509 *a) ...@@ -107,6 +107,11 @@ ASN1_INTEGER *X509_get_serialNumber(X509 *a)
return &a->cert_info.serialNumber; return &a->cert_info.serialNumber;
} }
const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
{
return &a->cert_info.serialNumber;
}
unsigned long X509_subject_name_hash(X509 *x) unsigned long X509_subject_name_hash(X509 *x)
{ {
return (X509_NAME_hash(x->cert_info.subject)); return (X509_NAME_hash(x->cert_info.subject));
......
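Review bot: `X509_get0_serialNumber()` is added without a comment, and its contract is not obvious from the prototype alone. It returns the address of a field inside `a`, so the result is valid only while the certificate is alive and must not be freed. It also dereferences `a` with no NULL check, the same as `X509_get_serialNumber()` just above it. I would add `/* Returns an internal pointer owned by a: do not free it or use it after a is freed. a must not be NULL. */` above the definition so callers holding the serial for later comparison know to copy it.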
...@@ -2,14 +2,17 @@ ...@@ -2,14 +2,17 @@
=head1 NAME =head1 NAME
X509_get_serialNumber, X509_set_serialNumber - get or set certificate serial X509_get_serialNumber,
number X509_get0_serialNumber,
X509_set_serialNumber
- get or set certificate serial number
=head1 SYNOPSIS =head1 SYNOPSIS
#include <openssl/x509.h> #include <openssl/x509.h>
ASN1_INTEGER *X509_get_serialNumber(X509 *x); ASN1_INTEGER *X509_get_serialNumber(X509 *x);
const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
=head1 DESCRIPTION =head1 DESCRIPTION
...@@ -18,13 +21,17 @@ X509_get_serialNumber() returns the serial number of certificate B<x> as an ...@@ -18,13 +21,17 @@ X509_get_serialNumber() returns the serial number of certificate B<x> as an
B<ASN1_INTEGER> structure which can be examined or initialised. The value B<ASN1_INTEGER> structure which can be examined or initialised. The value
returned is an internal pointer which B<MUST NOT> be freed up after the call. returned is an internal pointer which B<MUST NOT> be freed up after the call.
X509_get0_serialNumber() is the same as X509_get_serialNumber() except it
accepts a const parameter and returns a const result.
X509_set_serialNumber() sets the serial number of certificate B<x> to X509_set_serialNumber() sets the serial number of certificate B<x> to
B<serial>. A copy of the serial number is used internally so B<serial> should B<serial>. A copy of the serial number is used internally so B<serial> should
be freed up after use. be freed up after use.
=head1 RETURN VALUES =head1 RETURN VALUES
X509_get_serialNumber() returns an B<ASN1_INTEGER> structure. X509_get_serialNumber() and X509_get0_serialNumber() return an B<ASN1_INTEGER>
structure.
X509_set_serialNumber() returns 1 for success and 0 for failure. X509_set_serialNumber() returns 1 for success and 0 for failure.
...@@ -50,7 +57,7 @@ L<X509_verify_cert(3)> ...@@ -50,7 +57,7 @@ L<X509_verify_cert(3)>
=head1 HISTORY =head1 HISTORY
X509_get_serialNumber() and X509_set_serialNumber() are available in X509_get_serialNumber() and X509_set_serialNumber() are available in
all versions of OpenSSL. all versions of OpenSSL. X509_get0_serialNumber() was added in OpenSSL 1.1.0.
=head1 COPYRIGHT =head1 COPYRIGHT
......
...@@ -182,12 +182,13 @@ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); ...@@ -182,12 +182,13 @@ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
const char *name, const char *value); const char *name, const char *value);
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
const X509 *issuer);
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
X509_NAME *issuerName, const X509_NAME *issuerName,
ASN1_BIT_STRING *issuerKey, const ASN1_BIT_STRING *issuerKey,
ASN1_INTEGER *serialNumber); const ASN1_INTEGER *serialNumber);
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
......
...@@ -617,6 +617,7 @@ long X509_get_version(const X509 *x); ...@@ -617,6 +617,7 @@ long X509_get_version(const X509 *x);
int X509_set_version(X509 *x, long version); int X509_set_version(X509 *x, long version);
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
ASN1_INTEGER *X509_get_serialNumber(X509 *x); ASN1_INTEGER *X509_get_serialNumber(X509 *x);
const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
int X509_set_issuer_name(X509 *x, X509_NAME *name); int X509_set_issuer_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_issuer_name(const X509 *a); X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name); int X509_set_subject_name(X509 *x, X509_NAME *name);
......