Diffstat (limited to 'src/libstrongswan/plugins/openssl')
7 files changed, 51 insertions, 216 deletions
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 4048bbd02..d1c8fce81 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -226,13 +226,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -253,6 +247,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -271,14 +267,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 7708af958..58401faa5 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -382,11 +382,8 @@ static private_openssl_crl_t *create_empty() }, .get_serial = _get_serial, .get_authKeyIdentifier = _get_authKeyIdentifier, -<<<<<<< HEAD -======= .is_delta_crl = (void*)return_false, .create_delta_crl_uri_enumerator = (void*)enumerator_create_empty, ->>>>>>> upstream/4.5.1 .create_enumerator = _create_enumerator, }, }, 
@@ -463,9 +460,6 @@ static bool parse_extensions(private_openssl_crl_t *this) ok = parse_crlNumber_ext(this, ext); break; default: -<<<<<<< HEAD - ok = TRUE; -======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -474,7 +468,6 @@ static bool parse_extensions(private_openssl_crl_t *this) DBG1(DBG_LIB, "found unsupported critical X.509 " "CRL extension"); } ->>>>>>> upstream/4.5.1 break; } if (!ok) diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index 2ed07ff0c..cd9a3bd4a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -152,7 +152,7 @@ METHOD(crypter_t, set_key, void, METHOD(crypter_t, destroy, void, private_openssl_crypter_t *this) { - free(this->key.ptr); + chunk_clear(&this->key); free(this); } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 32fc2bccd..78ed2811a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -257,7 +257,7 @@ METHOD(diffie_hellman_t, destroy, void, { EC_POINT_clear_free(this->pub_key); EC_KEY_free(this->key); - chunk_free(&this->shared_secret); + chunk_clear(&this->shared_secret); free(this); } diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index cf48b4c15..96aa38bb6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -41,11 +41,6 @@ #include "openssl_x509.h" #include "openssl_crl.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "openssl"; - ->>>>>>> upstream/4.5.1 typedef struct private_openssl_plugin_t private_openssl_plugin_t; /** 
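Review bot: The message logged in the default branch of parse_extensions, "found unsupported critical X.509 CRL extension", does not name the extension, so a reader of the log cannot tell which OID caused the rejection or judge whether relaxing `libstrongswan.x509.enforce_critical` is acceptable. Logging the OID would close that gap, for example `OBJ_obj2txt(buf, sizeof(buf), X509_EXTENSION_get_object(ext), 1);` followed by `DBG1(DBG_LIB, "found unsupported critical X.509 CRL extension %s", buf);`. The lines guarding the DBG1 call fall between the two hunks, but it appears that with the option set to false an unknown critical extension is accepted without any log entry, which deserves a comment on the branch. The same applies to the default branch of parse_extensions in openssl_x509.c further down; both functions start and end outside their hunks.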
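Review bot: Nothing in either destroy method says why `chunk_clear` replaces the plain free, and an undocumented call like this is easy for a later cleanup to revert. A one-line comment above the call in openssl_crypter.c, `/* key material: wipe before releasing */`, and the same above `chunk_clear(&this->shared_secret);` in openssl_ec_diffie_hellman.c, would record the intent. Whether set_key wipes a previously installed key before replacing it is not visible in this hunk and is worth checking alongside.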
@@ -198,6 +193,12 @@ static void threading_cleanup() mutex = NULL; } +METHOD(plugin_t, get_name, char*, + private_openssl_plugin_t *this) +{ + return "openssl"; +} + METHOD(plugin_t, destroy, void, private_openssl_plugin_t *this) { @@ -253,6 +254,8 @@ plugin_t *openssl_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, 
@@ -277,167 +280,85 @@ plugin_t *openssl_plugin_create() } /* crypter */ -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_RC5, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_NULL, - (crypter_constructor_t)openssl_crypter_create); - - /* hasher */ - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD2, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, - (hasher_constructor_t)openssl_hasher_create); - - /* prf */ - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, - 
(prf_constructor_t)openssl_sha1_prf_create); - - /* (ec) diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); -#ifndef OPENSSL_NO_EC - lib->crypto->add_dh(lib->crypto, ECP_256_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_384_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_521_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); -#endif /* OPENSSL_NO_EC */ - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), 
(crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_RC5, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_RC5, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_NULL, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_NULL, get_name(this), (crypter_constructor_t)openssl_crypter_create); /* hasher */ - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD2, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this), 
(hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), (hasher_constructor_t)openssl_hasher_create); /* prf */ - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this), (prf_constructor_t)openssl_sha1_prf_create); /* (ec) diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this), 
(dh_constructor_t)openssl_diffie_hellman_create); #ifndef OPENSSL_NO_EC - lib->crypto->add_dh(lib->crypto, ECP_256_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_256_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_384_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_384_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_521_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_521_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_224_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_192_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); #endif /* OPENSSL_NO_EC */ - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_160, 
get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); /* rsa */ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 0b607c386..d1afd94cc 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -455,6 +455,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, return NULL; } +#ifndef OPENSSL_NO_ENGINE /** * Login to engine with a PIN specified for a keyid */ @@ -496,6 +497,7 @@ static bool login(ENGINE *engine, chunk_t keyid) } return success; } +#endif /* OPENSSL_NO_ENGINE */ /** * See header. diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 7c7f2aa06..f7495b2ae 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -84,11 +84,7 @@ struct private_openssl_x509_t { /** * Pathlen constraint */ -<<<<<<< HEAD - int pathlen; -======= u_char pathlen; ->>>>>>> upstream/4.5.1 /** * certificate subject @@ -141,11 +137,7 @@ struct private_openssl_x509_t { linked_list_t *issuerAltNames; /** -<<<<<<< HEAD - * List of CRL URIs -======= * List of CRL URIs, as x509_cdp_t ->>>>>>> upstream/4.5.1 */ linked_list_t *crl_uris; @@ -161,8 +153,6 @@ struct private_openssl_x509_t { }; /** -<<<<<<< HEAD -======= * Destroy a CRL URI struct */ static void crl_uri_destroy(x509_cdp_t *this) 
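Review bot: The registration block in openssl_plugin_create keeps ENCR_NULL, ENCR_DES, ENCR_DES_ECB, HASH_MD2, HASH_MD4, MODP_768_BIT and MODP_1024_BIT available under the plugin's name, with nothing at the call site marking them as legacy. Registration presumably only makes the constructors available and the proposal configuration decides what is negotiated, but that is not visible here. A comment above the crypter, hasher and DH groups would make the expectation explicit, e.g. `/* legacy algorithms are registered for interoperability only; keep them out of default proposals */`. The function starts before and continues after this hunk.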
@@ -173,7 +163,6 @@ static void crl_uri_destroy(x509_cdp_t *this) } /** ->>>>>>> upstream/4.5.1 * Convert a GeneralName to an identification_t. */ static identification_t *general_name2id(GENERAL_NAME *name) @@ -261,12 +250,6 @@ METHOD(x509_t, get_authKeyIdentifier, chunk_t, return chunk_empty; } -<<<<<<< HEAD -METHOD(x509_t, get_pathLenConstraint, int, - private_openssl_x509_t *this) -{ - return this->pathlen; -======= METHOD(x509_t, get_constraint, u_int, private_openssl_x509_t *this, x509_constraint_t type) { @@ -277,7 +260,6 @@ METHOD(x509_t, get_constraint, u_int, default: return X509_NO_CONSTRAINT; } ->>>>>>> upstream/4.5.1 } METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*, @@ -298,16 +280,6 @@ METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*, return this->ocsp_uris->create_enumerator(this->ocsp_uris); } -<<<<<<< HEAD -METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*, - private_openssl_x509_t *this) -{ - /* TODO */ - return enumerator_create_empty(); -} - -======= ->>>>>>> upstream/4.5.1 METHOD(certificate_t, get_type, certificate_type_t, private_openssl_x509_t *this) { @@ -520,11 +492,7 @@ METHOD(certificate_t, destroy, void, offsetof(identification_t, destroy)); this->issuerAltNames->destroy_offset(this->issuerAltNames, offsetof(identification_t, destroy)); -<<<<<<< HEAD - this->crl_uris->destroy_function(this->crl_uris, free); -======= this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy); ->>>>>>> upstream/4.5.1 this->ocsp_uris->destroy_function(this->ocsp_uris, free); free(this); } 
@@ -558,13 +526,6 @@ static private_openssl_x509_t *create_empty() .get_serial = _get_serial, .get_subjectKeyIdentifier = _get_subjectKeyIdentifier, .get_authKeyIdentifier = _get_authKeyIdentifier, -<<<<<<< HEAD - .get_pathLenConstraint = _get_pathLenConstraint, - .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, - .create_crl_uri_enumerator = _create_crl_uri_enumerator, - .create_ocsp_uri_enumerator = _create_ocsp_uri_enumerator, - .create_ipAddrBlock_enumerator = _create_ipAddrBlock_enumerator, -======= .get_constraint = _get_constraint, .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, .create_crl_uri_enumerator = _create_crl_uri_enumerator, @@ -573,18 +534,13 @@ static private_openssl_x509_t *create_empty() .create_name_constraint_enumerator = (void*)enumerator_create_empty, .create_cert_policy_enumerator = (void*)enumerator_create_empty, .create_policy_mapping_enumerator = (void*)enumerator_create_empty, ->>>>>>> upstream/4.5.1 }, }, .subjectAltNames = linked_list_create(), .issuerAltNames = linked_list_create(), .crl_uris = linked_list_create(), .ocsp_uris = linked_list_create(), -<<<<<<< HEAD - .pathlen = X509_NO_PATH_LEN_CONSTRAINT, -======= .pathlen = X509_NO_CONSTRAINT, ->>>>>>> upstream/4.5.1 .ref = 1, ); @@ -630,10 +586,7 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, X509_EXTENSION *ext) { BASIC_CONSTRAINTS *constraints; -<<<<<<< HEAD -======= long pathlen; ->>>>>>> upstream/4.5.1 constraints = (BASIC_CONSTRAINTS*)X509V3_EXT_d2i(ext); if (constraints) @@ -644,14 +597,10 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, } if (constraints->pathlen) { -<<<<<<< HEAD - this->pathlen = ASN1_INTEGER_get(constraints->pathlen); -======= pathlen = ASN1_INTEGER_get(constraints->pathlen); this->pathlen = (pathlen >= 0 && pathlen < 128) ? pathlen : X509_NO_CONSTRAINT; ->>>>>>> upstream/4.5.1 } BASIC_CONSTRAINTS_free(constraints); return TRUE; 
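Review bot: In parse_basicConstraints_ext an out-of-range pathLenConstraint is silently replaced by `X509_NO_CONSTRAINT`, so a negative or otherwise unrepresentable value ends up, assuming the constant means "no limit" to path validation, less restrictive than anything the issuer could have encoded. A negative value is not a valid pathLenConstraint and is better treated as a parse failure: `if (pathlen < 0) { BASIC_CONSTRAINTS_free(constraints); return FALSE; }` before the assignment. The literal 128 is also unexplained; it presumably follows from the new `u_char pathlen` field and the value of `X509_NO_CONSTRAINT`, and a short comment saying so would help. The function body starts outside this hunk.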
@@ -667,16 +616,10 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { CRL_DIST_POINTS *cdps; DIST_POINT *cdp; -<<<<<<< HEAD - identification_t *id; - char *uri; - int i, j, point_num, name_num; -======= identification_t *id, *issuer; x509_cdp_t *entry; char *uri; int i, j, k, point_num, name_num, issuer_num; ->>>>>>> upstream/4.5.1 cdps = X509V3_EXT_d2i(ext); if (!cdps) @@ -701,9 +644,6 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { if (asprintf(&uri, "%Y", id) > 0) { -<<<<<<< HEAD - this->crl_uris->insert_first(this->crl_uris, uri); -======= if (cdp->CRLissuer) { issuer_num = sk_GENERAL_NAME_num(cdp->CRLissuer); @@ -730,16 +670,12 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, ); this->crl_uris->insert_last(this->crl_uris, entry); } ->>>>>>> upstream/4.5.1 } id->destroy(id); } } } -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 DIST_POINT_free(cdp); } } @@ -872,9 +808,6 @@ static bool parse_extensions(private_openssl_x509_t *this) ok = parse_crlDistributionPoints_ext(this, ext); break; default: -<<<<<<< HEAD - ok = TRUE; -======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -882,7 +815,6 @@ static bool parse_extensions(private_openssl_x509_t *this) { DBG1(DBG_LIB, "found unsupported critical X.509 extension"); } ->>>>>>> upstream/4.5.1 break; } if (!ok) @@ -940,8 +872,6 @@ static bool parse_certificate(private_openssl_x509_t *this) { return FALSE; } -<<<<<<< HEAD -======= if (X509_get_version(this->x509) < 0 || X509_get_version(this->x509) > 2) { DBG1(DBG_LIB, "unsupported x509 version: %d", @@ -949,7 +879,6 @@ static bool parse_certificate(private_openssl_x509_t *this) return FALSE; } ->>>>>>> upstream/4.5.1 this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509)); this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509)); 
@@ -993,11 +922,7 @@ static bool parse_certificate(private_openssl_x509_t *this) if (!parse_extensions(this)) { -<<<<<<< HEAD - return TRUE; -======= return FALSE; ->>>>>>> upstream/4.5.1 } parse_extKeyUsage(this); |