Continuing adding X509 V3 support. This starts to integrate the code with

the main library, but only with printing at present. To see this try: openssl x509 -in cert.pem -text on a certificate with some extensions in it.

Continuing adding X509 V3 support. This starts to integrate the code with
the main library, but only with printing at present. To see this try: openssl x509 -in cert.pem -text on a certificate with some extensions in it.
834eeef9 · Dr. Stephen Henson · 9aeaf1b4 · 834eeef9 · 834eeef9 · 834eeef9
13 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
 Changes between 0.9.1c and 0.9.2
+  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+     error code, add initial support to X509_print() and x509 application.
  *) Takes a deep breath and start addding X509 V3 extension support code. Add
     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
     stuff is currently isolated and isn't even compiled yet.

--- a/Makefile.org
+++ b/Makefile.org
@@ -157,7 +157,7 @@ SDIRS=  \
 	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh \
 	buffer bio stack lhash rand pem err objects \
-	evp asn1 x509 conf txt_db pkcs7 comp
+	evp asn1 x509 x509v3 conf txt_db pkcs7 comp
 # If you change the INSTALLTOP, make sure to also change the values
 # in crypto/location.h

--- a/apps/x509.c
+++ b/apps/x509.c
@@ -69,6 +69,7 @@
 #include "bn.h"
 #include "evp.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "objects.h"
 #include "pem.h"
@@ -305,7 +306,7 @@ bad:
 		}
 	ERR_load_crypto_strings();
-	X509v3_add_netscape_extensions();
+	X509V3_add_standard_extensions();
 	if (!X509_STORE_set_default_paths(ctx))
 		{

--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -29,7 +29,7 @@ SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
-	evp pem x509 \
+	evp pem x509 x509v3 \
 	asn1 conf txt_db pkcs7 comp
 GENERAL=Makefile README

--- a/crypto/asn1/asn1.err
+++ b/crypto/asn1/asn1.err
@@ -24,6 +24,7 @@
 #define ASN1_F_ASN1_TYPE_NEW				 119
 #define ASN1_F_ASN1_UTCTIME_NEW				 120
 #define ASN1_F_ASN1_VERIFY				 121
+#define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
 #define ASN1_F_BN_TO_ASN1_INTEGER			 122
 #define ASN1_F_D2I_ASN1_BIT_STRING			 123
 #define ASN1_F_D2I_ASN1_BMPSTRING			 124
@@ -40,6 +41,7 @@
 #define ASN1_F_D2I_ASN1_TYPE				 133
 #define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
 #define ASN1_F_D2I_ASN1_UTCTIME				 135
+#define ASN1_F_D2I_BASIC_CONSTRAINTS			 227
 #define ASN1_F_D2I_DHPARAMS				 136
 #define ASN1_F_D2I_DSAPARAMS				 137
 #define ASN1_F_D2I_DSAPRIVATEKEY			 138

--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -678,6 +678,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_ASN1_TYPE_NEW				 119
 #define ASN1_F_ASN1_UTCTIME_NEW				 120
 #define ASN1_F_ASN1_VERIFY				 121
+#define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
 #define ASN1_F_BN_TO_ASN1_INTEGER			 122
 #define ASN1_F_D2I_ASN1_BIT_STRING			 123
 #define ASN1_F_D2I_ASN1_BMPSTRING			 124
@@ -694,6 +695,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_D2I_ASN1_TYPE				 133
 #define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
 #define ASN1_F_D2I_ASN1_UTCTIME				 135
+#define ASN1_F_D2I_BASIC_CONSTRAINTS			 227
 #define ASN1_F_D2I_DHPARAMS				 136
 #define ASN1_F_D2I_DSAPARAMS				 137
 #define ASN1_F_D2I_DSAPRIVATEKEY			 138

--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -86,6 +86,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
 {ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_VERIFY"},
+{ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),	"BASIC_CONSTRAINTS_NEW"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"d2i_ASN1_BMPSTRING"},
@@ -102,6 +103,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),	"d2i_ASN1_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),	"d2i_ASN1_type_bytes"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"d2i_ASN1_UTCTIME"},
+{ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0),	"D2I_BASIC_CONSTRAINTS"},
 {ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"D2I_DHPARAMS"},
 {ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"D2I_DSAPARAMS"},
 {ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"D2I_DSAPRIVATEKEY"},

--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -68,6 +68,7 @@
 #endif
 #include "objects.h"
 #include "x509.h"
+#include "x509v3.h"
 #ifndef NO_FP_API
 int X509_print_fp(fp,x)
@@ -190,7 +191,9 @@ X509 *x;
 		BIO_printf(bp,"%8sX509v3 extensions:\n","");
 		for (i=0; i<n; i++)
 			{
+#if 0
 			int data_type,pack_type;
+#endif
 			ASN1_OBJECT *obj;
 			ex=X509_get_ext(x,i);
@@ -200,7 +203,7 @@ X509 *x;
 			j=X509_EXTENSION_get_critical(ex);
 			if (BIO_printf(bp,": %s\n%16s",j?"critical":"","") <= 0)
 				goto err;
+#if 0
 			pack_type=X509v3_pack_type_by_OBJ(obj);
 			data_type=X509v3_data_type_by_OBJ(obj);
@@ -231,7 +234,8 @@ X509 *x;
 						}
 					}
 				}
-			else
+#endif
+			if(!X509V3_EXT_print(bp, ex, 0))
 				{
 				ASN1_OCTET_STRING_print(bp,ex->value);
 				}

--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -108,6 +108,7 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_PROXY,0,0)		,"Proxy routines"},
 {ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
 {ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},
+{ERR_PACK(ERR_LIB_X509V3,0,0)		,"X509 V3 routines"},
 {0,NULL},
 	};

--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -116,6 +116,7 @@ typedef struct err_state_st
 #define ERR_LIB_PROXY		31
 #define ERR_LIB_BIO		32
 #define ERR_LIB_PKCS7		33
+#define ERR_LIB_X509V3		34
 #define ERR_LIB_USER		128
@@ -141,6 +142,7 @@ typedef struct err_state_st
 #define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__)
 #define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__)
 #define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
+#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),ERR_file_name,__LINE__)
 /* Borland C seems too stupid to be able to shift and do longs in
 * the pre-processor :-( */

--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -77,6 +77,7 @@
 #include "objects.h"
 #include "pem.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "conf.h"
 #include "err.h"
@@ -110,6 +111,7 @@ void ERR_load_crypto_strings()
 	ERR_load_OBJ_strings();
 	ERR_load_PEM_strings();
 	ERR_load_X509_strings();
+	ERR_load_X509V3_strings();
 	ERR_load_CRYPTO_strings();
 	ERR_load_PKCS7_strings();
 #endif

--- a/crypto/err/ssleay.ec
+++ b/crypto/err/ssleay.ec
@@ -10,6 +10,7 @@ L BIO		bio/bio.err
 L OBJ		objects/objects.err
 L PEM		pem/pem.err
 L X509		x509/x509.err
+L X509V3	x509v3/x509v3.err
 L METH		meth/meth.err
 L ASN1		asn1/asn1.err
 L CONF		conf/conf.err

--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -602,8 +602,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
 &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
 &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */
 &(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666.1 */
+&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */
 &(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
 &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
 &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */