提交
d943e372
编写于
4月 21, 1999
作者:
Dr. Stephen Henson
Support for CRL distribution points extension. Also document some of
this stuff.
上级
59b82e4f
Showing
13 changed file
with
430 addition
and
18 deletion
+430
-18
CHANGES
CHANGES
+6
-1
STATUS
STATUS
+2
-1
crypto/asn1/asn1.err
crypto/asn1/asn1.err
+4
-0
crypto/asn1/asn1.h
crypto/asn1/asn1.h
+4
-0
crypto/asn1/asn1_err.c
crypto/asn1/asn1_err.c
+4
-0
crypto/x509v3/Makefile.ssl
crypto/x509v3/Makefile.ssl
+2
-2
crypto/x509v3/v3_cpols.c
crypto/x509v3/v3_cpols.c
+7
-12
crypto/x509v3/v3_crld.c
crypto/x509v3/v3_crld.c
+290
-0
crypto/x509v3/v3_lib.c
crypto/x509v3/v3_lib.c
+2
-1
crypto/x509v3/v3err.c
crypto/x509v3/v3err.c
+1
-0
crypto/x509v3/x509v3.err
crypto/x509v3/x509v3.err
+1
-0
crypto/x509v3/x509v3.h
crypto/x509v3/x509v3.h
+33
-0
doc/openssl.txt
doc/openssl.txt
+74
-1
CHANGES
...
...
@@ -5,6 +5,10 @@
Changes between 0.9.2b and 0.9.3
*) Add support for CRL distribution points extension. Add Certificate
Policies and CRL distribution points documentation.
[Steve Henson]
*) Move the autogenerated header file parts to crypto/opensslconf.h.
[Ulf Möller]
...
...
@@ -23,6 +27,7 @@
*) Fix problems with sizeof(long) == 8.
[Andy Polyakov <appro@fy.chalmers.se>]
>>>>>>> 1.185
*) Change functions to ANSI C.
[Ulf Möller]
...
...
@@ -36,7 +41,7 @@
[Andy Polyakov <appro@fy.chalmers.se>]
*) Support for Certificate Policies extension: both print and set.
Various additions to support the r2i method this
extension will use
.
Various additions to support the r2i method this
uses
.
[Steve Henson]
*) A lot of constification, and fix a bug in X509_NAME_oneline() that could
...
...
STATUS
OpenSSL STATUS Last modified at
______________ $Date: 1999/04/21 17:
30:41
$
______________ $Date: 1999/04/21 17:
44:32
$
DEVELOPMENT STATE
...
...
@@ -40,6 +40,7 @@
PKCS#12 code cleanup and enhancement.
PKCS #8 and PKCS#5 v2.0 support.
Private key, certificate and CRL API and implementation.
Redo error code and DEF file generation scripts.
o Mark is currently working on:
Folding in any changes that are in the C2Net code base that were
...
...
crypto/asn1/asn1.err
...
...
@@ -57,6 +57,8 @@
#define ASN1_F_D2I_AUTHORITY_KEYID 238
#define ASN1_F_D2I_BASIC_CONSTRAINTS 227
#define ASN1_F_D2I_DHPARAMS 136
#define ASN1_F_D2I_DIST_POINT 276
#define ASN1_F_D2I_DIST_POINT_NAME 277
#define ASN1_F_D2I_DSAPARAMS 137
#define ASN1_F_D2I_DSAPRIVATEKEY 138
#define ASN1_F_D2I_DSAPUBLICKEY 139
...
...
@@ -113,6 +115,8 @@
#define ASN1_F_D2I_X509_REVOKED 173
#define ASN1_F_D2I_X509_SIG 174
#define ASN1_F_D2I_X509_VAL 175
#define ASN1_F_DIST_POINT_NAME_NEW 278
#define ASN1_F_DIST_POINT_NEW 279
#define ASN1_F_GENERAL_NAME_NEW 231
#define ASN1_F_I2D_ASN1_HEADER 176
#define ASN1_F_I2D_ASN1_TIME 225
...
...
crypto/asn1/asn1.h
...
...
@@ -864,6 +864,8 @@ ASN1_STRING *ASN1_pack_string();
#define ASN1_F_D2I_AUTHORITY_KEYID 238
#define ASN1_F_D2I_BASIC_CONSTRAINTS 227
#define ASN1_F_D2I_DHPARAMS 136
#define ASN1_F_D2I_DIST_POINT 276
#define ASN1_F_D2I_DIST_POINT_NAME 277
#define ASN1_F_D2I_DSAPARAMS 137
#define ASN1_F_D2I_DSAPRIVATEKEY 138
#define ASN1_F_D2I_DSAPUBLICKEY 139
...
...
@@ -920,6 +922,8 @@ ASN1_STRING *ASN1_pack_string();
#define ASN1_F_D2I_X509_REVOKED 173
#define ASN1_F_D2I_X509_SIG 174
#define ASN1_F_D2I_X509_VAL 175
#define ASN1_F_DIST_POINT_NAME_NEW 278
#define ASN1_F_DIST_POINT_NEW 279
#define ASN1_F_GENERAL_NAME_NEW 231
#define ASN1_F_I2D_ASN1_HEADER 176
#define ASN1_F_I2D_ASN1_TIME 225
...
...
crypto/asn1/asn1_err.c
...
...
@@ -119,6 +119,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{
ERR_PACK
(
0
,
ASN1_F_D2I_AUTHORITY_KEYID
,
0
),
"D2I_AUTHORITY_KEYID"
},
{
ERR_PACK
(
0
,
ASN1_F_D2I_BASIC_CONSTRAINTS
,
0
),
"D2I_BASIC_CONSTRAINTS"
},
{
ERR_PACK
(
0
,
ASN1_F_D2I_DHPARAMS
,
0
),
"D2I_DHPARAMS"
},
{
ERR_PACK
(
0
,
ASN1_F_D2I_DIST_POINT
,
0
),
"D2I_DIST_POINT"
},
{
ERR_PACK
(
0
,
ASN1_F_D2I_DIST_POINT_NAME
,
0
),
"D2I_DIST_POINT_NAME"
},
{
ERR_PACK
(
0
,
ASN1_F_D2I_DSAPARAMS
,
0
),
"D2I_DSAPARAMS"
},
{
ERR_PACK
(
0
,
ASN1_F_D2I_DSAPRIVATEKEY
,
0
),
"D2I_DSAPRIVATEKEY"
},
{
ERR_PACK
(
0
,
ASN1_F_D2I_DSAPUBLICKEY
,
0
),
"D2I_DSAPUBLICKEY"
},
...
...
@@ -175,6 +177,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{
ERR_PACK
(
0
,
ASN1_F_D2I_X509_REVOKED
,
0
),
"D2I_X509_REVOKED"
},
{
ERR_PACK
(
0
,
ASN1_F_D2I_X509_SIG
,
0
),
"D2I_X509_SIG"
},
{
ERR_PACK
(
0
,
ASN1_F_D2I_X509_VAL
,
0
),
"D2I_X509_VAL"
},
{
ERR_PACK
(
0
,
ASN1_F_DIST_POINT_NAME_NEW
,
0
),
"DIST_POINT_NAME_NEW"
},
{
ERR_PACK
(
0
,
ASN1_F_DIST_POINT_NEW
,
0
),
"DIST_POINT_NEW"
},
{
ERR_PACK
(
0
,
ASN1_F_GENERAL_NAME_NEW
,
0
),
"GENERAL_NAME_NEW"
},
{
ERR_PACK
(
0
,
ASN1_F_I2D_ASN1_HEADER
,
0
),
"i2d_ASN1_HEADER"
},
{
ERR_PACK
(
0
,
ASN1_F_I2D_ASN1_TIME
,
0
),
"i2d_ASN1_TIME"
},
...
...
crypto/x509v3/Makefile.ssl
...
...
@@ -24,10 +24,10 @@ APPS=
LIB
=
$(TOP)
/libcrypto.a
LIBSRC
=
v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c
\
v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c
\
v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c
v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c
v3_crld.c
LIBOBJ
=
v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o
\
v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o
\
v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o
v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o
v3_crld.o
SRC
=
$(LIBSRC)
...
...
crypto/x509v3/v3_cpols.c
...
...
@@ -209,15 +209,14 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK *polstrs)
return
pol
;
err:
POLICYINFO_free
(
pol
);
return
NULL
;
merr:
X509V3err
(
X509V3_F_POLICY_SECTION
,
ERR_R_MALLOC_FAILURE
);
err:
POLICYINFO_free
(
pol
);
return
NULL
;
}
static
POLICYQUALINFO
*
notice_section
(
X509V3_CTX
*
ctx
,
STACK
*
unot
)
...
...
@@ -277,12 +276,10 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK *unot)
return
qual
;
err:
POLICYQUALINFO_free
(
qual
);
return
NULL
;
merr:
X509V3err
(
X509V3_F_NOTICE_SECTION
,
ERR_R_MALLOC_FAILURE
);
err:
POLICYQUALINFO_free
(
qual
);
return
NULL
;
}
...
...
@@ -304,12 +301,10 @@ static STACK *nref_nos(STACK *nos)
}
return
nnums
;
err:
sk_pop_free
(
nnums
,
ASN1_STRING_free
);
return
NULL
;
merr:
X509V3err
(
X509V3_F_NOTICE_SECTION
,
ERR_R_MALLOC_FAILURE
);
err:
sk_pop_free
(
nnums
,
ASN1_STRING_free
);
return
NULL
;
}
...
...
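Review bot: In nref_nos the `merr:` path records the allocation failure as `X509V3_F_NOTICE_SECTION`, so an out-of-memory error raised while building the notice-number stack appears in the error queue as if it came from notice_section. If nref_nos has no function code of its own (none is visible on this page), say so at the label, e.g. `/* no function code for nref_nos: reported under NOTICE_SECTION */`. In all three functions `merr:` now falls through into `err:`; a one-line `/* fall through to common cleanup */` above each `err:` would keep a later edit from putting a return between them. The bodies of all three functions start outside the hunks.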
crypto/x509v3/v3_crld.c
0 → 100644
/* v3_crld.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include "cryptlib.h"
#include "conf.h"
#include "asn1.h"
#include "asn1_mac.h"
#include "x509v3.h"
static
STACK
*
i2v_crld
(
X509V3_EXT_METHOD
*
method
,
STACK_OF
(
DIST_POINT
)
*
crld
,
STACK
*
extlist
);
static
STACK_OF
(
DIST_POINT
)
*
v2i_crld
(
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
STACK
*
nval
);
X509V3_EXT_METHOD
v3_crld
=
{
NID_crl_distribution_points
,
X509V3_EXT_MULTILINE
,
(
X509V3_EXT_NEW
)
CRL_DIST_POINTS_new
,
CRL_DIST_POINTS_free
,
(
X509V3_EXT_D2I
)
d2i_CRL_DIST_POINTS
,
i2d_CRL_DIST_POINTS
,
NULL
,
NULL
,
(
X509V3_EXT_I2V
)
i2v_crld
,
(
X509V3_EXT_V2I
)
v2i_crld
,
NULL
,
NULL
,
NULL
};
/*
* ASN1err(ASN1_F_DIST_POINT_NEW,ERR_R_MALLOC_FAILURE);
* ASN1err(ASN1_F_D2I_DIST_POINT,ERR_R_MALLOC_FAILURE);
* ASN1err(ASN1_F_DIST_POINT_NAME_NEW,ERR_R_MALLOC_FAILURE);
* ASN1err(ASN1_F_D2I_DIST_POINT_NAME,ERR_R_MALLOC_FAILURE);
*/
static
STACK
*
i2v_crld
(
X509V3_EXT_METHOD
*
method
,
STACK_OF
(
DIST_POINT
)
*
crld
,
STACK
*
exts
)
{
DIST_POINT
*
point
;
int
i
;
for
(
i
=
0
;
i
<
sk_DIST_POINT_num
(
crld
);
i
++
)
{
point
=
sk_DIST_POINT_value
(
crld
,
i
);
if
(
point
->
distpoint
->
fullname
)
{
exts
=
i2v_GENERAL_NAMES
(
NULL
,
point
->
distpoint
->
fullname
,
exts
);
}
if
(
point
->
reasons
)
X509V3_add_value
(
"reasons"
,
"<UNSUPPORTED>"
,
&
exts
);
if
(
point
->
CRLissuer
)
X509V3_add_value
(
"CRLissuer"
,
"<UNSUPPORTED>"
,
&
exts
);
if
(
point
->
distpoint
->
relativename
)
X509V3_add_value
(
"RelativeName"
,
"<UNSUPPORTED>"
,
&
exts
);
}
return
exts
;
}
static
STACK_OF
(
DIST_POINT
)
*
v2i_crld
(
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
STACK
*
nval
)
{
STACK_OF
(
DIST_POINT
)
*
crld
=
NULL
;
STACK_OF
(
GENERAL_NAME
)
*
gens
=
NULL
;
GENERAL_NAME
*
gen
=
NULL
;
CONF_VALUE
*
cnf
;
int
i
;
if
(
!
(
crld
=
sk_DIST_POINT_new
(
NULL
)))
goto
merr
;
for
(
i
=
0
;
i
<
sk_num
(
nval
);
i
++
)
{
DIST_POINT
*
point
;
cnf
=
(
CONF_VALUE
*
)
sk_value
(
nval
,
i
);
if
(
!
(
gen
=
v2i_GENERAL_NAME
(
method
,
ctx
,
cnf
)))
goto
err
;
if
(
!
(
gens
=
GENERAL_NAMES_new
()))
goto
merr
;
if
(
!
sk_GENERAL_NAME_push
(
gens
,
gen
))
goto
merr
;
gen
=
NULL
;
if
(
!
(
point
=
DIST_POINT_new
()))
goto
merr
;
if
(
!
sk_DIST_POINT_push
(
crld
,
point
))
{
DIST_POINT_free
(
point
);
goto
merr
;
}
if
(
!
(
point
->
distpoint
=
DIST_POINT_NAME_new
()))
goto
merr
;
point
->
distpoint
->
fullname
=
gens
;
gens
=
NULL
;
}
return
crld
;
merr:
X509V3err
(
X509V3_F_V2I_CRLD
,
ERR_R_MALLOC_FAILURE
);
err:
GENERAL_NAME_free
(
gen
);
GENERAL_NAMES_free
(
gens
);
sk_DIST_POINT_pop_free
(
crld
,
DIST_POINT_free
);
return
NULL
;
}
int
i2d_CRL_DIST_POINTS
(
STACK_OF
(
DIST_POINT
)
*
a
,
unsigned
char
**
pp
)
{
return
i2d_ASN1_SET_OF_DIST_POINT
(
a
,
pp
,
i2d_DIST_POINT
,
V_ASN1_SEQUENCE
,
V_ASN1_UNIVERSAL
,
IS_SEQUENCE
);}
STACK_OF
(
DIST_POINT
)
*
CRL_DIST_POINTS_new
(
void
)
{
return
sk_DIST_POINT_new_null
();
}
void
CRL_DIST_POINTS_free
(
STACK_OF
(
DIST_POINT
)
*
a
)
{
sk_DIST_POINT_pop_free
(
a
,
DIST_POINT_free
);
}
STACK_OF
(
DIST_POINT
)
*
d2i_CRL_DIST_POINTS
(
STACK_OF
(
DIST_POINT
)
**
a
,
unsigned
char
**
pp
,
long
length
)
{
return
d2i_ASN1_SET_OF_DIST_POINT
(
a
,
pp
,
length
,
d2i_DIST_POINT
,
DIST_POINT_free
,
V_ASN1_SEQUENCE
,
V_ASN1_UNIVERSAL
);
}
IMPLEMENT_STACK_OF
(
DIST_POINT
)
IMPLEMENT_ASN1_SET_OF
(
DIST_POINT
)
int
i2d_DIST_POINT
(
DIST_POINT
*
a
,
unsigned
char
**
pp
)
{
int
v
=
0
;
M_ASN1_I2D_vars
(
a
);
/* NB: underlying type is a CHOICE so need EXPLICIT tagging */
M_ASN1_I2D_len_EXP_opt
(
a
->
distpoint
,
i2d_DIST_POINT_NAME
,
0
,
v
);
M_ASN1_I2D_len_IMP_opt
(
a
->
reasons
,
i2d_ASN1_BIT_STRING
);
M_ASN1_I2D_len_IMP_opt
(
a
->
CRLissuer
,
i2d_GENERAL_NAMES
);
M_ASN1_I2D_seq_total
();
M_ASN1_I2D_put_EXP_opt
(
a
->
distpoint
,
i2d_DIST_POINT_NAME
,
0
,
v
);
M_ASN1_I2D_put_IMP_opt
(
a
->
reasons
,
i2d_ASN1_BIT_STRING
,
1
);
M_ASN1_I2D_put_IMP_opt
(
a
->
CRLissuer
,
i2d_GENERAL_NAMES
,
2
);
M_ASN1_I2D_finish
();
}
DIST_POINT
*
DIST_POINT_new
(
void
)
{
DIST_POINT
*
ret
=
NULL
;
ASN1_CTX
c
;
M_ASN1_New_Malloc
(
ret
,
DIST_POINT
);
ret
->
distpoint
=
NULL
;
ret
->
reasons
=
NULL
;
ret
->
CRLissuer
=
NULL
;
return
(
ret
);
M_ASN1_New_Error
(
ASN1_F_DIST_POINT_NEW
);
}
DIST_POINT
*
d2i_DIST_POINT
(
DIST_POINT
**
a
,
unsigned
char
**
pp
,
long
length
)
{
M_ASN1_D2I_vars
(
a
,
DIST_POINT
*
,
DIST_POINT_new
);
M_ASN1_D2I_Init
();
M_ASN1_D2I_start_sequence
();
M_ASN1_D2I_get_EXP_opt
(
ret
->
distpoint
,
d2i_DIST_POINT_NAME
,
0
);
M_ASN1_D2I_get_IMP_opt
(
ret
->
reasons
,
d2i_ASN1_BIT_STRING
,
1
,
V_ASN1_BIT_STRING
);
M_ASN1_D2I_get_IMP_opt
(
ret
->
CRLissuer
,
d2i_GENERAL_NAMES
,
2
,
V_ASN1_SEQUENCE
);
M_ASN1_D2I_Finish
(
a
,
DIST_POINT_free
,
ASN1_F_D2I_DIST_POINT
);
}
void
DIST_POINT_free
(
DIST_POINT
*
a
)
{
if
(
a
==
NULL
)
return
;
DIST_POINT_NAME_free
(
a
->
distpoint
);
ASN1_BIT_STRING_free
(
a
->
reasons
);
sk_GENERAL_NAME_pop_free
(
a
->
CRLissuer
,
GENERAL_NAME_free
);
Free
((
char
*
)
a
);
}
int
i2d_DIST_POINT_NAME
(
DIST_POINT_NAME
*
a
,
unsigned
char
**
pp
)
{
int
v
=
0
;
M_ASN1_I2D_vars
(
a
);
if
(
a
->
fullname
)
{
M_ASN1_I2D_len_IMP_opt
(
a
->
fullname
,
i2d_GENERAL_NAMES
);
}
else
{
M_ASN1_I2D_len_EXP_opt
(
a
->
relativename
,
i2d_X509_NAME
,
1
,
v
);
}
/* Don't want a SEQUENCE so... */
if
(
pp
==
NULL
)
return
ret
;
p
=
*
pp
;
if
(
a
->
fullname
)
{
M_ASN1_I2D_put_IMP_opt
(
a
->
fullname
,
i2d_GENERAL_NAMES
,
0
);
}
else
{
M_ASN1_I2D_put_EXP_opt
(
a
->
relativename
,
i2d_X509_NAME
,
1
,
v
);
}
M_ASN1_I2D_finish
();
}
DIST_POINT_NAME
*
DIST_POINT_NAME_new
(
void
)
{
DIST_POINT_NAME
*
ret
=
NULL
;
ASN1_CTX
c
;
M_ASN1_New_Malloc
(
ret
,
DIST_POINT_NAME
);
ret
->
fullname
=
NULL
;
ret
->
relativename
=
NULL
;
return
(
ret
);
M_ASN1_New_Error
(
ASN1_F_DIST_POINT_NAME_NEW
);
}
void
DIST_POINT_NAME_free
(
DIST_POINT_NAME
*
a
)
{
if
(
a
==
NULL
)
return
;
X509_NAME_free
(
a
->
relativename
);
sk_GENERAL_NAME_pop_free
(
a
->
fullname
,
GENERAL_NAME_free
);
Free
((
char
*
)
a
);
}
DIST_POINT_NAME
*
d2i_DIST_POINT_NAME
(
DIST_POINT_NAME
**
a
,
unsigned
char
**
pp
,
long
length
)
{
unsigned
char
_tmp
,
tag
;
M_ASN1_D2I_vars
(
a
,
DIST_POINT_NAME
*
,
DIST_POINT_NAME_new
);
M_ASN1_D2I_Init
();
c
.
slen
=
length
;
_tmp
=
M_ASN1_next
;
tag
=
_tmp
&
~
V_ASN1_CONSTRUCTED
;
if
(
tag
==
(
0
|
V_ASN1_CONTEXT_SPECIFIC
))
{
M_ASN1_D2I_get_imp
(
ret
->
fullname
,
d2i_GENERAL_NAMES
,
V_ASN1_SEQUENCE
);
}
else
if
(
tag
==
(
1
|
V_ASN1_CONTEXT_SPECIFIC
))
{
M_ASN1_D2I_get_EXP_opt
(
ret
->
relativename
,
d2i_X509_NAME
,
1
);
}
else
{
c
.
error
=
ASN1_R_BAD_TAG
;
goto
err
;
}
M_ASN1_D2I_Finish
(
a
,
DIST_POINT_NAME_free
,
ASN1_F_D2I_DIST_POINT_NAME
);
}
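Review bot: i2v_crld dereferences `point->distpoint` without a NULL check, in both the `fullname` test and the `relativename` test, although d2i_DIST_POINT in this same file decodes that field with `M_ASN1_D2I_get_EXP_opt` and DIST_POINT_new initialises it to NULL. A DistributionPoint that carries only reasons or cRLIssuer therefore leaves `distpoint` NULL, and printing such an extension would read through a null pointer; the extension comes from the certificate being displayed, so this is reachable from untrusted input. Guard both tests, e.g. `if(point->distpoint && point->distpoint->fullname)` and `if(point->distpoint && point->distpoint->relativename)`. The return values of `X509V3_add_value` and `i2v_GENERAL_NAMES` are also used unchecked, so a failed allocation while printing goes unreported here.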
crypto/x509v3/v3_lib.c
...
...
@@ -142,7 +142,7 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
extern
X509V3_EXT_METHOD
v3_pkey_usage_period
,
v3_sxnet
;
extern
X509V3_EXT_METHOD
v3_ns_ia5_list
[],
v3_alt
[],
v3_skey_id
,
v3_akey_id
;
extern
X509V3_EXT_METHOD
v3_crl_num
,
v3_crl_reason
,
v3_cpols
;
extern
X509V3_EXT_METHOD
v3_crl_num
,
v3_crl_reason
,
v3_cpols
,
v3_crld
;
int
X509V3_add_standard_extensions
(
void
)
{
...
...
@@ -159,6 +159,7 @@ int X509V3_add_standard_extensions(void)
X509V3_EXT_add
(
&
v3_sxnet
);
X509V3_EXT_add
(
&
v3_crl_reason
);
X509V3_EXT_add
(
&
v3_cpols
);
X509V3_EXT_add
(
&
v3_crld
);
return
1
;
}
...
...
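Review bot: The added `X509V3_EXT_add(&v3_crld);` discards its result like the calls around it, and X509V3_add_standard_extensions then returns 1 unconditionally. If registration can fail (the implementation of X509V3_EXT_add is not on this page), the CRL distribution points method would be silently missing while the caller is told that setup succeeded. Consider `if(!X509V3_EXT_add(&v3_crld)) return 0;`, or at least a comment stating that registration failures are deliberately ignored. The function body starts outside the hunk.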
crypto/x509v3/v3err.c
...
...
@@ -87,6 +87,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
{
ERR_PACK
(
0
,
X509V3_F_V2I_ASN1_BIT_STRING
,
0
),
"V2I_ASN1_BIT_STRING"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_AUTHORITY_KEYID
,
0
),
"V2I_AUTHORITY_KEYID"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_BASIC_CONSTRAINTS
,
0
),
"V2I_BASIC_CONSTRAINTS"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_CRLD
,
0
),
"V2I_CRLD"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_EXT_KU
,
0
),
"V2I_EXT_KU"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_GENERAL_NAME
,
0
),
"v2i_GENERAL_NAME"
},
{
ERR_PACK
(
0
,
X509V3_F_V2I_GENERAL_NAMES
,
0
),
"v2i_GENERAL_NAMES"
},
...
...
crypto/x509v3/x509v3.err
...
...
@@ -25,6 +25,7 @@
#define X509V3_F_V2I_ASN1_BIT_STRING 101
#define X509V3_F_V2I_AUTHORITY_KEYID 119
#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
#define X509V3_F_V2I_CRLD 134
#define X509V3_F_V2I_EXT_KU 103
#define X509V3_F_V2I_GENERAL_NAME 117
#define X509V3_F_V2I_GENERAL_NAMES 118
...
...
crypto/x509v3/x509v3.h
...
...
@@ -180,6 +180,21 @@ union {
DECLARE_STACK_OF
(
GENERAL_NAME
)
DECLARE_ASN1_SET_OF
(
GENERAL_NAME
)
typedef
struct
DIST_POINT_NAME_st
{
/* NB: this is a CHOICE type and only one of these should be set */
STACK_OF
(
GENERAL_NAME
)
*
fullname
;
X509_NAME
*
relativename
;
}
DIST_POINT_NAME
;
typedef
struct
DIST_POINT_st
{
DIST_POINT_NAME
*
distpoint
;
ASN1_BIT_STRING
*
reasons
;
STACK_OF
(
GENERAL_NAME
)
*
CRLissuer
;
}
DIST_POINT
;
DECLARE_STACK_OF
(
DIST_POINT
)
DECLARE_ASN1_SET_OF
(
DIST_POINT
)
typedef
struct
AUTHORITY_KEYID_st
{
ASN1_OCTET_STRING
*
keyid
;
STACK_OF
(
GENERAL_NAME
)
*
issuer
;
...
...
@@ -343,6 +358,23 @@ NOTICEREF *NOTICEREF_new(void);
NOTICEREF
*
d2i_NOTICEREF
(
NOTICEREF
**
a
,
unsigned
char
**
pp
,
long
length
);
void
NOTICEREF_free
(
NOTICEREF
*
a
);
int
i2d_CRL_DIST_POINTS
(
STACK_OF
(
DIST_POINT
)
*
a
,
unsigned
char
**
pp
);
STACK_OF
(
DIST_POINT
)
*
CRL_DIST_POINTS_new
(
void
);
void
CRL_DIST_POINTS_free
(
STACK_OF
(
DIST_POINT
)
*
a
);
STACK_OF
(
DIST_POINT
)
*
d2i_CRL_DIST_POINTS
(
STACK_OF
(
DIST_POINT
)
**
a
,
unsigned
char
**
pp
,
long
length
);
int
i2d_DIST_POINT
(
DIST_POINT
*
a
,
unsigned
char
**
pp
);
DIST_POINT
*
DIST_POINT_new
(
void
);
DIST_POINT
*
d2i_DIST_POINT
(
DIST_POINT
**
a
,
unsigned
char
**
pp
,
long
length
);
void
DIST_POINT_free
(
DIST_POINT
*
a
);
int
i2d_DIST_POINT_NAME
(
DIST_POINT_NAME
*
a
,
unsigned
char
**
pp
);
DIST_POINT_NAME
*
DIST_POINT_NAME_new
(
void
);
void
DIST_POINT_NAME_free
(
DIST_POINT_NAME
*
a
);
DIST_POINT_NAME
*
d2i_DIST_POINT_NAME
(
DIST_POINT_NAME
**
a
,
unsigned
char
**
pp
,
long
length
);
#ifdef HEADER_CONF_H
GENERAL_NAME
*
v2i_GENERAL_NAME
(
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
CONF_VALUE
*
cnf
);
void
X509V3_conf_free
(
CONF_VALUE
*
val
);
...
...
@@ -537,6 +569,7 @@ int X509V3_EXT_print_fp();
#define X509V3_F_V2I_ASN1_BIT_STRING 101
#define X509V3_F_V2I_AUTHORITY_KEYID 119
#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
#define X509V3_F_V2I_CRLD 134
#define X509V3_F_V2I_EXT_KU 103
#define X509V3_F_V2I_GENERAL_NAME 117
#define X509V3_F_V2I_GENERAL_NAMES 118
...
...
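Review bot: The new `DIST_POINT` struct has no comment saying that its members are optional, although the decoder added in v3_crld.c reads all three with the `_opt` macros and `DIST_POINT_new` sets them to NULL. Code that walks a decoded CRL distribution points extension needs to know that `distpoint`, `reasons` and `CRLissuer` can each be NULL; I would add `/* every member is OPTIONAL and may be NULL after decoding */` above the first member. The `DIST_POINT_NAME` comment already states the CHOICE rule; it could also note that `DIST_POINT_NAME_free` releases whichever member is set, so a caller must not free `fullname` separately once it has been attached.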
doc/openssl.txt
...
...
@@ -272,10 +272,83 @@ Issuer Alternative Name.
The issuer alternative name option supports all the literal options of
subject alternative name. It does *not* support the email:copy option because
that would not make sense. It does support an
d
additional issuer:copy option
that would not make sense. It does support an additional issuer:copy option
that will copy all the subject alternative name values from the issuer
certificate (if possible).
CRL distribution points.
This is a multivalued extension that supports all the literal options of
subject alternative name. Of the few software packages that currently interpret
this extension most only interpret the URI option.
Currently each option will set a new DistributionPoint with the fullName
field set to the given value.
Other fields like cRLissuer and reasons cannot currently be set or displayed:
at this time no examples were available that used these fields.
If you see this extension with <UNSUPPORTED> when you attempt to print it out
or it doesn't appear to display correctly then let me know, including the
certificate (mail me at steve@openssl.org) .
Examples:
crlDistributionPoints=URI:http://www.myhost.com/myca.crl
crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
Certificate Policies.
This is a RAW extension. It attempts to display the contents of this extension:
unfortuntately this extension is often improperly encoded.
The certificate policies extension will rarely be used in practice: few
software packages interpret it correctly or at all.
All the fields of this extension can be set by using the appropriate syntax.
If you follow the PKIX recommendations of not including any qualifiers and just
using only one OID then you just include the value of that OID. Multiple OIDs
can be set separated by commas, for example:
certificatePolicies= 1.2.4.5, 1.1.3.4
If you wish to include qualifiers then the policy OID and qualifiers need to
be specified in a separate section: this is done by using the @section syntax
instead of a literal OID value.
The section referred to must include the policy OID using the name
policyIdentifier, cPSuri qualifiers can be included using the syntax:
CPS.nnn=value
userNotice qualifiers can be set using the syntax:
userNotice.nnn=@notice
The value of the userNotice qualifier is specified in the relevant section. This
section can include explicitText, organization and noticeNumbers options.
explicitText and organization are text strings, noticeNumbers is a comma
separated list of numbers. The organization and noticeNumbers options (if
included) must BOTH be present.
Example:
certificatePolicies=1.2.3.4,1.5.6.7.8,@polsect
[polsect]
policyIdentifier = 1.3.5.8
CPS.1="http://my.host.name/"
CPS.2="http://my.your.name/"
userNotice.1=@notice
[notice]
explicitText="Explicit Text Here"
organization="Organisation Name"
noticeNumbers=1,2,3,4
Display only extensions.
Some extensions are only partially supported and currently are only displayed
...
...