authorDr. Stephen Henson <steve@openssl.org>2003-03-24 17:04:44 +0000
committerDr. Stephen Henson <steve@openssl.org>2003-03-24 17:04:44 +0000
commit520b76ffd95cb27839471055fa4950ff9bf50be2 (patch)
tree5060348afed5bf7b4c5d5aac068ea9410f5cc69b /crypto/x509v3/v3_alt.c
parent1c2d14123887c54b1a0111b3f2bcb75ec72f82ca (diff)
Support for name constraints.
Diffstat (limited to 'crypto/x509v3/v3_alt.c')
-rw-r--r--crypto/x509v3/v3_alt.c171
1 files changed, 104 insertions, 67 deletions
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index 8642dd5104..ad6cb08e20 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -407,89 +407,126 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
CONF_VALUE *cnf)
-{
-char is_string = 0;
-int type;
-GENERAL_NAME *gen = NULL;
+ {
+ return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
+ }
-char *name, *value;
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+ X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ CONF_VALUE *cnf, int is_nc)
+ {
+ char is_string = 0;
+ int type;
+ GENERAL_NAME *gen = NULL;
-name = cnf->name;
-value = cnf->value;
+ char *name, *value;
-if(!value) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
- return NULL;
-}
+ name = cnf->name;
+ value = cnf->value;
-if(!(gen = GENERAL_NAME_new())) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
- return NULL;
-}
+ if(!value)
+ {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
+ return NULL;
+ }
-if(!name_cmp(name, "email")) {
- is_string = 1;
- type = GEN_EMAIL;
-} else if(!name_cmp(name, "URI")) {
- is_string = 1;
- type = GEN_URI;
-} else if(!name_cmp(name, "DNS")) {
- is_string = 1;
- type = GEN_DNS;
-} else if(!name_cmp(name, "RID")) {
- ASN1_OBJECT *obj;
- if(!(obj = OBJ_txt2obj(value,0))) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
- ERR_add_error_data(2, "value=", value);
- goto err;
- }
- gen->d.rid = obj;
- type = GEN_RID;
-} else if(!name_cmp(name, "IP")) {
- if(!(gen->d.ip = a2i_IPADDRESS(value)))
+ if (out)
+ gen = out;
+ else
{
- X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
- ERR_add_error_data(2, "value=", value);
- goto err;
+ gen = GENERAL_NAME_new();
+ if(gen == NULL)
+ {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
}
- type = GEN_IPADD;
-} else if(!name_cmp(name, "dirName")) {
- type = GEN_DIRNAME;
- if (!do_dirname(gen, value, ctx))
+
+ if(!name_cmp(name, "email"))
{
- X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);
- goto err;
+ is_string = 1;
+ type = GEN_EMAIL;
+ }
+ else if(!name_cmp(name, "URI"))
+ {
+ is_string = 1;
+ type = GEN_URI;
+ }
+ else if(!name_cmp(name, "DNS"))
+ {
+ is_string = 1;
+ type = GEN_DNS;
+ }
+ else if(!name_cmp(name, "RID"))
+ {
+ ASN1_OBJECT *obj;
+ if(!(obj = OBJ_txt2obj(value,0)))
+ {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
+ ERR_add_error_data(2, "value=", value);
+ goto err;
+ }
+ gen->d.rid = obj;
+ type = GEN_RID;
+ }
+ else if(!name_cmp(name, "IP"))
+ {
+ if (is_nc)
+ gen->d.ip = a2i_IPADDRESS_NC(value);
+ else
+ gen->d.ip = a2i_IPADDRESS(value);
+ if(gen->d.ip == NULL)
+ {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
+ ERR_add_error_data(2, "value=", value);
+ goto err;
+ }
+ type = GEN_IPADD;
+ }
+ else if(!name_cmp(name, "dirName"))
+ {
+ type = GEN_DIRNAME;
+ if (!do_dirname(gen, value, ctx))
+ {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);
+ goto err;
+ }
+ }
+ else if(!name_cmp(name, "otherName"))
+ {
+ if (!do_othername(gen, value, ctx))
+ {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR);
+ goto err;
+ }
+ type = GEN_OTHERNAME;
}
-} else if(!name_cmp(name, "otherName")) {
- if (!do_othername(gen, value, ctx))
+ else
{
- X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR);
+ X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
+ ERR_add_error_data(2, "name=", name);
goto err;
}
- type = GEN_OTHERNAME;
-} else {
- X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
- ERR_add_error_data(2, "name=", name);
- goto err;
-}
-if(is_string) {
- if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
- !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
- strlen(value))) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-}
+ if(is_string)
+ {
+ if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+ !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
+ strlen(value)))
+ {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
-gen->type = type;
+ gen->type = type;
-return gen;
+ return gen;
-err:
-GENERAL_NAME_free(gen);
-return NULL;
-}
+ err:
+ GENERAL_NAME_free(gen);
+ return NULL;
+ }
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
{
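Review bot: The `err:` path at the end of v2i_GENERAL_NAME_ex calls `GENERAL_NAME_free(gen)` even when `gen` is the caller-supplied `out`, so a failed parse frees an object this function did not allocate. A caller that still holds `out` and frees or reuses it after the NULL return would hit a double free or use-after-free; the callers that pass a non-NULL `out` are not visible in this diff (presumably the name-constraints code), so that should be checked there. Free only what was allocated locally, `if (out == NULL) GENERAL_NAME_free(gen);`, and state the ownership rule in a comment above the function, for example `/* On error a caller-supplied out is not freed and stays owned by the caller. */`. Separately, when the `is_string` branch fails after `M_ASN1_IA5STRING_new()` succeeded, `gen->type` has not been set yet, so whether the new string is released on the error path depends on how `GENERAL_NAME_free` treats the stale type; setting `gen->type` before filling `gen->d` would make that cleanup predictable.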