authorMartin Willi <martin@revosec.ch>2010-12-03 09:28:46 +0000
committerMartin Willi <martin@revosec.ch>2011-01-05 16:45:55 +0100
commit4e508517d71c98efcb5b6d27dbcaed629d69cfb4 (patch)
tree6b65d2767423304b4223efe9132c8accd791b40d /src/libstrongswan/plugins/openssl/openssl_x509.c
parent9992cb1c1013a97785cfefaba46694a7397a75a4 (diff)
Added support for CRL Issuers to x509 and OpenSSL plugins
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_x509.c')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c83
1 files changed, 79 insertions, 4 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index aa39bc93d..1630d8faf 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -137,7 +137,7 @@ struct private_openssl_x509_t {
linked_list_t *issuerAltNames;
/**
- * List of CRL URIs
+ * List of CRL URIs, as crl_uri_t
*/
linked_list_t *crl_uris;
@@ -153,6 +153,37 @@ struct private_openssl_x509_t {
};
/**
+ * CRL URIs with associated issuer
+ */
+typedef struct {
+ identification_t *issuer;
+ linked_list_t *uris;
+} crl_uri_t;
+
+/**
+ * Create a new issuer entry
+ */
+static crl_uri_t *crl_uri_create()
+{
+ crl_uri_t *this;
+
+ INIT(this,
+ .uris = linked_list_create(),
+ );
+ return this;
+}
+
+/**
+ * Destroy a CRL URI struct
+ */
+static void crl_uri_destroy(crl_uri_t *this)
+{
+ this->uris->destroy_function(this->uris, free);
+ DESTROY_IF(this->issuer);
+ free(this);
+}
+
+/**
* Convert a GeneralName to an identification_t.
*/
static identification_t *general_name2id(GENERAL_NAME *name)
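Review bot: `static crl_uri_t *crl_uri_create()` at the top of the hunk is declared with an empty parameter list, which in C means "unspecified arguments" rather than "none"; it should read `static crl_uri_t *crl_uri_create(void)`. The struct comment should also spell out the contract that crl_uri_destroy implies: `issuer` may be NULL (it is released with DESTROY_IF) and both the identification and every string in `uris` are owned by the entry, e.g. `/* cRLIssuer of this DistributionPoint, NULL if none; owned, as are the URI strings */`. crl_uri_create relies on INIT leaving `issuer` zeroed, which is presumably the case but is not visible here, and the destructor's correctness depends on it being NULL when no cRLIssuer was parsed.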
@@ -252,10 +283,36 @@ METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*,
return this->subjectAltNames->create_enumerator(this->subjectAltNames);
}
+/**
+ * Convert enumerator value from entry to (uri, issuer)
+ */
+static bool crl_enum_filter(identification_t *issuer_in,
+ char **uri_in, char **uri_out,
+ void *none_in, identification_t **issuer_out)
+{
+ *uri_out = *uri_in;
+ if (issuer_out)
+ {
+ *issuer_out = issuer_in;
+ }
+ return TRUE;
+}
+
+/**
+ * Create inner enumerator over URIs
+ */
+static enumerator_t *crl_enum_create(crl_uri_t *entry)
+{
+ return enumerator_create_filter(entry->uris->create_enumerator(entry->uris),
+ (void*)crl_enum_filter, entry->issuer, NULL);
+}
+
METHOD(x509_t, create_crl_uri_enumerator, enumerator_t*,
private_openssl_x509_t *this)
{
- return this->crl_uris->create_enumerator(this->crl_uris);
+ return enumerator_create_nested(
+ this->crl_uris->create_enumerator(this->crl_uris),
+ (void*)crl_enum_create, NULL, NULL);
}
METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*,
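Review bot: The `if (issuer_out)` guard in crl_enum_filter only protects callers that explicitly pass NULL as the second output; a caller that still invokes `enumerate(e, &uri)` with a single argument, which is the shape the previous char*-only enumerator supported, does not necessarily leave the second output slot NULL, so the filter may write through a stale pointer — this depends on how enumerate() passes its variadic outputs and is worth confirming against existing callers before the interface change lands. The new enumeration contract is undocumented in this hunk; I would put above create_crl_uri_enumerator `/* enumerates (char *uri, identification_t *issuer); issuer is NULL unless the DistributionPoint carries a cRLIssuer and is owned by the certificate, callers not interested pass NULL */`. Note also that the same identification_t object is handed out for every URI of an entry, not a clone, so callers must not destroy it.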
@@ -483,7 +540,7 @@ METHOD(certificate_t, destroy, void,
offsetof(identification_t, destroy));
this->issuerAltNames->destroy_offset(this->issuerAltNames,
offsetof(identification_t, destroy));
- this->crl_uris->destroy_function(this->crl_uris, free);
+ this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy);
this->ocsp_uris->destroy_function(this->ocsp_uris, free);
free(this);
}
@@ -615,6 +672,11 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
cdp = sk_DIST_POINT_value(cdps, i);
if (cdp)
{
+ crl_uri_t *entry;
+
+ entry = crl_uri_create();
+ this->crl_uris->insert_last(this->crl_uris, entry);
+
if (cdp->distpoint && cdp->distpoint->type == 0 &&
cdp->distpoint->name.fullname)
{
@@ -627,12 +689,25 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
{
if (asprintf(&uri, "%Y", id) > 0)
{
- this->crl_uris->insert_first(this->crl_uris, uri);
+ entry->uris->insert_last(entry->uris, uri);
}
id->destroy(id);
}
}
}
+ if (cdp->CRLissuer)
+ {
+ name_num = sk_GENERAL_NAME_num(cdp->CRLissuer);
+ for (j = 0; j < name_num; j++)
+ {
+ id = general_name2id(sk_GENERAL_NAME_value(cdp->CRLissuer, j));
+ if (id)
+ { /* get only one */
+ entry->issuer = id;
+ break;
+ }
+ }
+ }
DIST_POINT_free(cdp);
}
}
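Review bot: Only the first cRLIssuer name that general_name2id can convert is retained (the `break` after `entry->issuer = id`) and any further names are dropped without a trace; since a cRLIssuer marks the CRL as indirect (RFC 5280 4.2.1.13) and names the entity that must have signed it, whoever consumes this enumerator has to verify the fetched CRL's issuer and signature against this identification rather than against the certificate's own issuer, which is outside this hunk and deserves a note here. A DistributionPoint with a cRLIssuer but no distributionPoint field is also legal, and here yields an entry with an issuer and no URIs that is never enumerated. I would replace `/* get only one */` with `/* several cRLIssuer names are allowed; keep the first convertible one, CRLs fetched from this point must be verified against it */`. The enclosing function continues past the end of the hunk.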