author | Dr. Stephen Henson <steve@openssl.org> | 1999-11-04 00:45:35 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-11-04 00:45:35 +0000 |
commit | ce1b4fe14648007bf054cf54846c0620e4605251 (patch) | |
tree | e3c5e114c8c622564482e88831ef6c4799fa53cb /crypto/pem | |
parent | ce2c95b2a249256ec92bd060ff083de8e3a22be2 (diff) | |
download | openssl-ce1b4fe14648007bf054cf54846c0620e4605251.tar.gz |
Allow additional information to be attached to a
certificate: currently this includes trust settings
and a "friendly name".
Diffstat (limited to 'crypto/pem')
-rw-r--r-- | crypto/pem/pem.h | 3 | ||||
-rw-r--r-- | crypto/pem/pem_all.c | 2 | ||||
-rw-r--r-- | crypto/pem/pem_lib.c | 54 |
3 files changed, 44 insertions, 15 deletions
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index 1b0c8a0aa5..ce2c1a3596 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -103,6 +103,7 @@ extern "C" {
 #define PEM_STRING_X509_OLD "X509 CERTIFICATE"
 #define PEM_STRING_X509 "CERTIFICATE"
+#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
 #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
 #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
 #define PEM_STRING_X509_CRL "X509 CRL"
@@ -529,6 +530,8 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str);
 DECLARE_PEM_rw(X509, X509)
+DECLARE_PEM_rw(X509_AUX, X509)
+
 DECLARE_PEM_rw(X509_REQ, X509_REQ)
 DECLARE_PEM_rw(X509_CRL, X509_CRL)
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index b5857e0ebc..80f4037262 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -67,6 +67,8 @@
 IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
+IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
+
 IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
 IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 3c86a23fc7..a4ea21205c 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -75,6 +75,7 @@ const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 static int def_callback(char *buf, int num, int w, void *userdata);
 static int load_iv(unsigned char **fromp,unsigned char *to, int num);
+static int check_pem(const char *nm, const char *name);
 static int def_callback(char *buf, int num, int w, void *userdata)
 {
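Review bot: The new public reader/writer pair declared by `DECLARE_PEM_rw(X509_AUX, X509)` in pem.h and generated by `IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)` in pem_all.c has no comment, and its contract is not obvious from the macro arguments. I would add above the declaration something like `/* X509_AUX: certificate plus local trust settings and friendly name, PEM type "TRUSTED CERTIFICATE"; the reader also accepts plain "CERTIFICATE" blocks */`. If the attached trust settings are not covered by the certificate's signature (the encoding is not visible in this diff), the comment should also say that these readers are meant for locally controlled files, since the settings would then be whatever the file's author wrote.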
@@ -168,6 +169,43 @@ char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
 }
 #endif
+static int check_pem(const char *nm, const char *name)
+{
+ /* Normal matching nm and name */
+ if (!strcmp(nm,name)) return 1;
+
+ /* Make PEM_STRING_EVP_PKEY match any private key */
+
+ if(!strcmp(nm,PEM_STRING_PKCS8) &&
+ !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+ if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
+ !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+ if(!strcmp(nm,PEM_STRING_RSA) &&
+ !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+ if(!strcmp(nm,PEM_STRING_DSA) &&
+ !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+ /* Permit older strings */
+
+ if(!strcmp(nm,PEM_STRING_X509_OLD) &&
+ !strcmp(name,PEM_STRING_X509)) return 1;
+
+ if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
+ !strcmp(name,PEM_STRING_X509_REQ)) return 1;
+
+ /* Allow normal certs to be read as trusted certs */
+ if(!strcmp(nm,PEM_STRING_X509) &&
+ !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+
+ if(!strcmp(nm,PEM_STRING_X509_OLD) &&
+ !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+
+ return 0;
+}
+
 char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
 pem_password_cb *cb, void *u)
 {
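Review bot: check_pem() has no header comment saying which argument is which, and every rule after the first is one-directional, so swapping the two changes what is accepted. Judging by the call site, `nm` appears to be the type string read from the PEM block and `name` the type the caller requested; I would add `/* nm: type found in the PEM header; name: type requested by the caller. Returns 1 if nm is acceptable for name, 0 otherwise. */` above the function. The last two rules mean that a reader asking for PEM_STRING_X509_TRUSTED also accepts "CERTIFICATE" and "X509 CERTIFICATE" blocks, and the result gives no indication of which header matched. A short addition to the existing comment, such as `/* ...; the result then carries no trust settings */`, would tell callers not to treat a successful read as proof that trust data was present, assuming the X509_AUX decoder treats the auxiliary part as optional (not visible in this diff).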
@@ -185,21 +223,7 @@ char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
 ERR_add_error_data(2, "Expecting: ", name);
 return(NULL);
 }
- if ( (strcmp(nm,name) == 0) ||
- ((strcmp(nm,PEM_STRING_RSA) == 0) &&
- (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
- ((strcmp(nm,PEM_STRING_DSA) == 0) &&
- (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
- ((strcmp(nm,PEM_STRING_PKCS8) == 0) &&
- (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
- ((strcmp(nm,PEM_STRING_PKCS8INF) == 0) &&
- (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
- ((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
- (strcmp(name,PEM_STRING_X509) == 0)) ||
- ((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
- (strcmp(name,PEM_STRING_X509_REQ) == 0))
- )
- break;
+ if(check_pem(nm, name)) break;
 Free(nm);
 Free(header);
 Free(data);
|
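Review bot: The call `if(check_pem(nm, name)) break;` stops at the first block whose type check_pem() accepts, and nothing at the call site records that the accepted set is now wider than the condition it replaces. The surrounding loop starts outside this hunk, but the `Free(nm); Free(header); Free(data);` that follows suggests non-matching blocks are discarded and the scan continues. If so, a caller requesting "TRUSTED CERTIFICATE" on a file that holds a plain "CERTIFICATE" block ahead of a trusted one would get the plain block. I would note this at the call with `/* first acceptable block wins; check_pem() lists the accepted aliases */` so the ordering dependence is visible to anyone auditing how trust stores are loaded.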