diff options
| author | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
| commit | a3b482a8facde4b453ad821bfe40effbe3d17903 (patch) | |
| tree | 636f02074b05b7473f5db1fe60fa2bceb0094a62 /src/libstrongswan/plugins/openssl/openssl_x509.c | |
| parent | d816a1afbd841e9943bb439fe4e110b7c4970550 (diff) | |
| parent | b34738ed08c2227300d554b139e2495ca5da97d6 (diff) | |
| download | vyos-strongswan-a3b482a8facde4b453ad821bfe40effbe3d17903.tar.gz vyos-strongswan-a3b482a8facde4b453ad821bfe40effbe3d17903.zip | |
Merge tag 'upstream/4.6.4'
Upstream version 4.6.4
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_x509.c')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_x509.c | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index f7495b2ae..5caf5182c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -597,7 +600,7 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, } if (constraints->pathlen) { - + pathlen = ASN1_INTEGER_get(constraints->pathlen); this->pathlen = (pathlen >= 0 && pathlen < 128) ? pathlen : X509_NO_CONSTRAINT; @@ -609,6 +612,41 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, } /** + * parse key usage + */ +static bool parse_keyUsage_ext(private_openssl_x509_t *this, + X509_EXTENSION *ext) +{ + ASN1_BIT_STRING *usage; + + usage = X509V3_EXT_d2i(ext); + if (usage) + { + if (usage->length > 0) + { + int flags = usage->data[0]; + if (usage->length > 1) + { + flags |= usage->data[1] << 8; + } + switch (flags) + { + case X509v3_KU_CRL_SIGN: + this->flags |= X509_CRL_SIGN; + break; + case X509v3_KU_KEY_CERT_SIGN: + /* we use the caBasicContraint, MUST be set */ + default: + break; + } + } + ASN1_BIT_STRING_free(usage); + return TRUE; + } + return FALSE; +} + +/** * Parse CRL distribution points */ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, @@ -713,7 +751,7 @@ static bool parse_authorityInfoAccess_ext(private_openssl_x509_t *this, { if (asprintf(&uri, "%Y", id) > 0) { - this->ocsp_uris->insert_first(this->ocsp_uris, uri); + this->ocsp_uris->insert_last(this->ocsp_uris, uri); } id->destroy(id); } @@ -804,6 +842,9 @@ static bool parse_extensions(private_openssl_x509_t *this) case NID_basic_constraints: ok = parse_basicConstraints_ext(this, ext); break; + case NID_key_usage: + ok = parse_keyUsage_ext(this, ext); + break; case NID_crl_distribution_points: ok = parse_crlDistributionPoints_ext(this, ext); break; |