From 9b5cc156f3e42488bc975bbe3055bf004f6dae4a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 20 Jan 1999 00:14:40 +0000 Subject: Continued patches so certificates and CRLs now can support and use GeneralizedTime. --- crypto/asn1/t_x509.c | 4 ++-- crypto/asn1/x_cinf.c | 7 +++++++ crypto/asn1/x_crl.c | 24 +++++++++++++++++------- crypto/asn1/x_val.c | 20 ++++++++++---------- 4 files changed, 36 insertions(+), 19 deletions(-) (limited to 'crypto/asn1') diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index bfee6f66a7..060f99d5a8 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -146,9 +146,9 @@ X509 *x; if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err; if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; if (BIO_write(bp," Not Before: ",24) <= 0) goto err; - if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err; + if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; - if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err; + if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err; if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) diff --git a/crypto/asn1/x_cinf.c b/crypto/asn1/x_cinf.c index 99b9fe7b9f..88099ea9f7 100644 --- a/crypto/asn1/x_cinf.c +++ b/crypto/asn1/x_cinf.c @@ -147,7 +147,14 @@ long length; M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2, V_ASN1_BIT_STRING); } +/* Note: some broken certificates include extensions but don't set + * the version number properly. By bypassing this check they can + * be parsed. + */ + +#ifdef VERSION_EXT_CHECK if (ver >= 2) /* version 3 extensions */ +#endif { if (ret->extensions != NULL) while (sk_num(ret->extensions)) diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 5e1fa796bd..8629a73f8c 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -85,13 +85,13 @@ unsigned char **pp; M_ASN1_I2D_vars(a); M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER); - M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME); + M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME); M_ASN1_I2D_len_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION); M_ASN1_I2D_seq_total(); M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER); - M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME); + M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME); M_ASN1_I2D_put_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION); M_ASN1_I2D_finish(); @@ -107,7 +107,7 @@ long length; M_ASN1_D2I_Init(); M_ASN1_D2I_start_sequence(); M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER); - M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME); + M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME); M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION, X509_EXTENSION_free); M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED); @@ -130,9 +130,9 @@ unsigned char **pp; } M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR); M_ASN1_I2D_len(a->issuer,i2d_X509_NAME); - M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME); + M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME); if (a->nextUpdate != NULL) - { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); } + { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); } M_ASN1_I2D_len_SEQUENCE_opt(a->revoked,i2d_X509_REVOKED); M_ASN1_I2D_len_EXP_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION,0, V_ASN1_SEQUENCE,v1); @@ -177,8 +177,18 @@ long length; } M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME); - M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME); - M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME); + M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME); + /* Manually handle the OPTIONAL ASN1_TIME stuff */ + if((c.slen != 0) && + ( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) == + V_ASN1_UNIVERSAL|V_ASN1_UTCTIME) + || ( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) == + V_ASN1_UNIVERSAL|V_ASN1_GENERALIZEDTIME) ) ) ) { + M_ASN1_D2I_get(ret->nextUpdate,d2i_ASN1_TIME); + } + if(!ret->nextUpdate) + M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME); if (ret->revoked != NULL) { while (sk_num(ret->revoked)) diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c index 8d996e9950..f6534a6a5c 100644 --- a/crypto/asn1/x_val.c +++ b/crypto/asn1/x_val.c @@ -71,13 +71,13 @@ unsigned char **pp; { M_ASN1_I2D_vars(a); - M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME); - M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME); + M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME); + M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME); M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME); - M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME); + M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME); + M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME); M_ASN1_I2D_finish(); } @@ -91,8 +91,8 @@ long length; M_ASN1_D2I_Init(); M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME); - M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME); + M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME); + M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME); M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL); } @@ -102,8 +102,8 @@ X509_VAL *X509_VAL_new() ASN1_CTX c; M_ASN1_New_Malloc(ret,X509_VAL); - M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new); - M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new); + M_ASN1_New(ret->notBefore,ASN1_TIME_new); + M_ASN1_New(ret->notAfter,ASN1_TIME_new); return(ret); M_ASN1_New_Error(ASN1_F_X509_VAL_NEW); } @@ -112,8 +112,8 @@ void X509_VAL_free(a) X509_VAL *a; { if (a == NULL) return; - ASN1_UTCTIME_free(a->notBefore); - ASN1_UTCTIME_free(a->notAfter); + ASN1_TIME_free(a->notBefore); + ASN1_TIME_free(a->notAfter); Free((char *)a); } -- cgit v1.2.3