summaryrefslogtreecommitdiff
path: root/src/libstrongswan/crypto/crl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/crypto/crl.c')
-rwxr-xr-xsrc/libstrongswan/crypto/crl.c80
1 files changed, 34 insertions, 46 deletions
diff --git a/src/libstrongswan/crypto/crl.c b/src/libstrongswan/crypto/crl.c
index 00d6a3ac3..b4ae37b2e 100755
--- a/src/libstrongswan/crypto/crl.c
+++ b/src/libstrongswan/crypto/crl.c
@@ -39,10 +39,6 @@
#define CRL_WARNING_INTERVAL 7 /* days */
-extern char* check_expiry(time_t expiration_date, int warning_interval, bool strict);
-extern time_t parse_time(chunk_t blob, int level0);
-extern void parse_authorityKeyIdentifier(chunk_t blob, int level0 , chunk_t *authKeyID, chunk_t *authKeySerialNumber);
-
/* access structure for a revoked certificate */
typedef struct revokedCert_t revokedCert_t;
@@ -100,6 +96,11 @@ struct private_crl_t {
identification_t *issuer;
/**
+ * CRL number
+ */
+ chunk_t crlNumber;
+
+ /**
* Time when the crl was generated
*/
time_t thisUpdate;
@@ -291,6 +292,14 @@ bool parse_x509crl(chunk_t blob, u_int level0, private_crl_t *crl)
{
parse_authorityKeyIdentifier(object, level, &crl->authKeyID, &crl->authKeySerialNumber);
}
+ else if (extn_oid == OID_CRL_NUMBER)
+ {
+ if (!parse_asn1_simple_object(&object, ASN1_INTEGER, level, "crlNumber"))
+ {
+ return FALSE;
+ }
+ crl->crlNumber = object;
+ }
}
break;
case CRL_OBJ_ALGORITHM:
@@ -416,66 +425,47 @@ static void destroy(private_crl_t *this)
}
/**
- * output handler in printf()
+ * Implementation of crl_t.list.
*/
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
+static void list(private_crl_t *this, FILE* out, bool utc)
{
- private_crl_t *this = *((private_crl_t**)(args[0]));
- bool utc = TRUE;
- int written = 0;
time_t now;
- if (info->alt)
- {
- utc = *((bool*)args[1]);
- }
-
- if (this == NULL)
- {
- return fprintf(stream, "(null)");
- }
-
now = time(NULL);
- written += fprintf(stream, "%#T, revoked certs: %d\n", &this->installed, utc,
+ fprintf(out, "%#T, revoked certs: %d\n", &this->installed, utc,
this->revokedCertificates->get_count(this->revokedCertificates));
- written += fprintf(stream, " issuer: '%D'\n", this->issuer);
- written += fprintf(stream, " updates: this %#T\n", &this->thisUpdate, utc);
- written += fprintf(stream, " next %#T ", &this->nextUpdate, utc);
+ fprintf(out, " issuer: '%D'\n", this->issuer);
+ if (this->crlNumber.ptr)
+ {
+ fprintf(out, " crlnumber: %#B\n", &this->crlNumber);
+ }
+ fprintf(out, " updates: this %#T\n", &this->thisUpdate, utc);
+ fprintf(out, " next %#T ", &this->nextUpdate, utc);
if (this->nextUpdate == UNDEFINED_TIME)
{
- written += fprintf(stream, "ok (expires never)");
+ fprintf(out, "ok (expires never)\n");
}
else if (now > this->nextUpdate)
{
- written += fprintf(stream, "expired (%V ago)", &now, &this->nextUpdate);
+ fprintf(out, "expired (%V ago)\n", &now, &this->nextUpdate);
}
else if (now > this->nextUpdate - CRL_WARNING_INTERVAL * 60 * 60 * 24)
{
- written += fprintf(stream, "ok (expires in %V)", &now, &this->nextUpdate);
+ fprintf(out, "ok (expires in %V)\n", &now, &this->nextUpdate);
}
else
{
- written += fprintf(stream, "ok");
+ fprintf(out, "ok\n");
}
if (this->authKeyID.ptr)
{
- written += fprintf(stream, "\n authkey: %#B", &this->authKeyID);
+ fprintf(out, " authkey: %#B\n", &this->authKeyID);
}
if (this->authKeySerialNumber.ptr)
{
- written += fprintf(stream, "\n aserial: %#B", &this->authKeySerialNumber);
+ fprintf(out, " aserial: %#B\n", &this->authKeySerialNumber);
}
- return written;
-}
-
-/**
- * register printf() handlers
- */
-static void __attribute__ ((constructor))print_register()
-{
- register_printf_function(PRINTF_CRL, print, arginfo_ptr_alt_ptr_int);
}
/*
@@ -489,6 +479,7 @@ crl_t *crl_create_from_chunk(chunk_t chunk)
this->crlDistributionPoints = linked_list_create();
this->tbsCertList = chunk_empty;
this->issuer = NULL;
+ this->crlNumber = chunk_empty;
this->revokedCertificates = linked_list_create();
this->authKeyID = chunk_empty;
this->authKeySerialNumber = chunk_empty;
@@ -502,6 +493,7 @@ crl_t *crl_create_from_chunk(chunk_t chunk)
this->public.verify = (bool (*) (const crl_t*,const rsa_public_key_t*))verify;
this->public.get_status = (void (*) (const crl_t*,certinfo_t*))get_status;
this->public.write_to_file = (bool (*) (const crl_t*,const char*,mode_t,bool))write_to_file;
+ this->public.list = (void(*)(crl_t*, FILE* out, bool utc))list;
this->public.destroy = (void (*) (crl_t*))destroy;
if (!parse_x509crl(chunk, 0, this))
@@ -520,14 +512,10 @@ crl_t *crl_create_from_file(const char *filename)
{
bool pgp = FALSE;
chunk_t chunk = chunk_empty;
- crl_t *crl = NULL;
if (!pem_asn1_load_file(filename, NULL, "crl", &chunk, &pgp))
+ {
return NULL;
-
- crl = crl_create_from_chunk(chunk);
-
- if (crl == NULL)
- free(chunk.ptr);
- return crl;
+ }
+ return crl_create_from_chunk(chunk);
}