author | Martin Willi <martin@revosec.ch> | 2010-12-03 09:28:46 +0000 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:45:55 +0100 |
commit | 4e508517d71c98efcb5b6d27dbcaed629d69cfb4 (patch) | |
tree | 6b65d2767423304b4223efe9132c8accd791b40d /src/libstrongswan/plugins/openssl/openssl_x509.c | |
parent | 9992cb1c1013a97785cfefaba46694a7397a75a4 (diff) | |
Added support for CRL Issuers to x509 and OpenSSL plugins
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_x509.c')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_x509.c | 83 |
1 files changed, 79 insertions, 4 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index aa39bc93d..1630d8faf 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -137,7 +137,7 @@ struct private_openssl_x509_t {
 	linked_list_t *issuerAltNames;
 
 	/**
-	 * List of CRL URIs
+	 * List of CRL URIs, as crl_uri_t
 	 */
 	linked_list_t *crl_uris;
 
@@ -153,6 +153,37 @@ struct private_openssl_x509_t {
 };
 
 /**
+ * CRL URIs with associated issuer
+ */
+typedef struct {
+	identification_t *issuer;
+	linked_list_t *uris;
+} crl_uri_t;
+
+/**
+ * Create a new issuer entry
+ */
+static crl_uri_t *crl_uri_create()
+{
+	crl_uri_t *this;
+
+	INIT(this,
+		.uris = linked_list_create(),
+	);
+	return this;
+}
+
+/**
+ * Destroy a CRL URI struct
+ */
+static void crl_uri_destroy(crl_uri_t *this)
+{
+	this->uris->destroy_function(this->uris, free);
+	DESTROY_IF(this->issuer);
+	free(this);
+}
+
+/**
  * Convert a GeneralName to an identification_t.
  */
 static identification_t *general_name2id(GENERAL_NAME *name)
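Review bot: `crl_uri_create()` is defined with an empty parameter list, which in C declares a function with unspecified parameters rather than none; it should read `static crl_uri_t *crl_uri_create(void)`. The `crl_uri_t` comment should also state ownership and nullability, since `crl_uri_destroy()` depends on both: `issuer` stays NULL when the distribution point names no CRLissuer (which is why `DESTROY_IF` is used), and the entry owns the `identification_t` as well as every `char *` stored in `uris`. A header comment along the lines of `/** CRL URIs of one distribution point plus the CRL issuer (NULL if the DP names none); owns issuer and the uri strings */` would capture that.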
@@ -252,10 +283,36 @@ METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*,
 	return this->subjectAltNames->create_enumerator(this->subjectAltNames);
 }
 
+/**
+ * Convert enumerator value from entry to (uri, issuer)
+ */
+static bool crl_enum_filter(identification_t *issuer_in,
+							char **uri_in, char **uri_out,
+							void *none_in, identification_t **issuer_out)
+{
+	*uri_out = *uri_in;
+	if (issuer_out)
+	{
+		*issuer_out = issuer_in;
+	}
+	return TRUE;
+}
+
+/**
+ * Create inner enumerator over URIs
+ */
+static enumerator_t *crl_enum_create(crl_uri_t *entry)
+{
+	return enumerator_create_filter(entry->uris->create_enumerator(entry->uris),
+									(void*)crl_enum_filter, entry->issuer, NULL);
+}
+
 METHOD(x509_t, create_crl_uri_enumerator, enumerator_t*,
 	private_openssl_x509_t *this)
 {
-	return this->crl_uris->create_enumerator(this->crl_uris);
+	return enumerator_create_nested(
+				this->crl_uris->create_enumerator(this->crl_uris),
+				(void*)crl_enum_create, NULL, NULL);
 }
 
 METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*,
@@ -483,7 +540,7 @@ METHOD(certificate_t, destroy, void,
 						offsetof(identification_t, destroy));
 	this->issuerAltNames->destroy_offset(this->issuerAltNames,
 						offsetof(identification_t, destroy));
-	this->crl_uris->destroy_function(this->crl_uris, free);
+	this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy);
 	this->ocsp_uris->destroy_function(this->ocsp_uris, free);
 	free(this);
 }
@@ -615,6 +672,11 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
 		cdp = sk_DIST_POINT_value(cdps, i);
 		if (cdp)
 		{
+			crl_uri_t *entry;
+
+			entry = crl_uri_create();
+			this->crl_uris->insert_last(this->crl_uris, entry);
+
 			if (cdp->distpoint && cdp->distpoint->type == 0 &&
 				cdp->distpoint->name.fullname)
 			{
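Review bot: The `(void*)` casts on `crl_enum_filter` and `crl_enum_create` hide any prototype mismatch with the callback types `enumerator_create_filter()` and `enumerator_create_nested()` expect, so the compiler no longer checks argument order; if the nested constructor is invoked as `(outer_item, data)`, `crl_enum_create` silently drops its second argument and should declare it, e.g. `static enumerator_t *crl_enum_create(crl_uri_t *entry, void *data)`, so the cast only converts pointer types. The enumerator's public contract changes from a single value to the pair `(char *uri, identification_t *issuer)` with `issuer` possibly NULL, which the filter already tolerates through `if (issuer_out)`; that should be documented on `x509_t.create_crl_uri_enumerator` in the interface header (outside this diff) and in the `crl_enum_filter` comment, including that the caller owns neither value. The unused `none_in` parameter deserves a short comment saying it only exists to keep the filter callback's (in, out) pairing.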
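Review bot: In `parse_crlDistributionPoints_ext` the new `entry` is appended to `this->crl_uris` before anything is parsed into it, so a distribution point with a relative-name `distpoint` (type != 0) and no CRLissuer leaves an entry with an empty `uris` list and a NULL `issuer` in the list. The nested enumerator copes (its inner enumerator is simply empty), but it is clearer to insert the entry only once a URI or issuer was found, or to `crl_uri_destroy()` an entry that ends up empty, and a comment such as `/* one entry per distribution point; URIs and the CRL issuer are filled in below */` would explain the early insert if it is kept. The function starts and ends outside the hunk.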
@@ -627,12 +689,25 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
 					{
 						if (asprintf(&uri, "%Y", id) > 0)
 						{
-							this->crl_uris->insert_first(this->crl_uris, uri);
+							entry->uris->insert_last(entry->uris, uri);
 						}
 						id->destroy(id);
 					}
 				}
 			}
+			if (cdp->CRLissuer)
+			{
+				name_num = sk_GENERAL_NAME_num(cdp->CRLissuer);
+				for (j = 0; j < name_num; j++)
+				{
+					id = general_name2id(sk_GENERAL_NAME_value(cdp->CRLissuer, j));
+					if (id)
+					{	/* get only one */
+						entry->issuer = id;
+						break;
+					}
+				}
+			}
 			DIST_POINT_free(cdp);
 		}
 	}
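Review bot: `entry->issuer` records which identity is expected to sign an indirect CRL fetched from this distribution point, but nothing in the hunk ties it to validation, so whichever code consumes the `(uri, issuer)` pair must verify that the retrieved CRL is actually issued by `issuer` and marked as indirect before relying on it; a comment at `entry->issuer = id;` such as `/* CRL issuer differs from the cert issuer (indirect CRL); the CRL consumer must verify it */` makes that contract explicit. The `/* get only one */` comment on the brace line says what but not why; `/* CRLissuer is a GeneralNames sequence; keep the first name that converts to an identification_t */` is clearer. `j` and `name_num` appear to reuse the variables of the fullname loop above, whose declarations are outside the hunk, and `parse_crlDistributionPoints_ext` itself begins and ends outside it.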