authorDmitry Baryshkov <dbaryshkov@gmail.com>2020-05-11 23:11:56 +0300
committerDmitry Baryshkov <dbaryshkov@gmail.com>2020-05-14 11:46:02 +0300
commita94afcfac2402dbf5200a6d16b320c166994a49e (patch)
tree395313c937c3bee07855ed8d84ff30fd5ba4fe21
parent37cb916de5c8806b43bfbc859f27fe03624f297e (diff)
downloadgnutls-a94afcfac2402dbf5200a6d16b320c166994a49e.tar.gz
x509: print certificate policiy names
Add ability to print names for several pre-defined Certificate policies. Currently the list is populated with anyPolicy from X.509 and CA/B policies. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
-rw-r--r--lib/x509/output.c20
-rw-r--r--tests/cert-tests/data/grfc.crt2
2 files changed, 20 insertions, 2 deletions
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 8084b92b29..d2da3916db 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -959,6 +959,19 @@ hexdump:
adds(str, "\n");
}
+#define ENTRY(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, 0}
+
+static const struct oid_to_string cp_oid2str[] = {
+ ENTRY("2.5.29.32.0", "anyPolicy"),
+
+ ENTRY("2.23.140.1.2.1", "CA/B Domain Validated"),
+ ENTRY("2.23.140.1.2.2", "CA/B Organization Validated"),
+ ENTRY("2.23.140.1.2.3", "CA/B Individual Validated"),
+ ENTRY("2.23.140.1.1", "CA/B Extended Validation"),
+
+ {NULL, 0, NULL, 0},
+};
+
struct ext_indexes_st {
int san;
int ian;
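Review bot: The `cp_oid2str` table has no comment saying that these names are only display labels for OIDs the issuer placed in the certificate. A reader of the printed output could take "CA/B Extended Validation" as a statement that the certificate was validated to that level. A header comment such as `/* Display names for well-known policy OIDs; a match says nothing about whether the issuer is entitled to assert the policy. */` would make that explicit. Separately, `ENTRY` is a very generic macro name left defined for the rest of output.c, so adding `#undef ENTRY` after the table would contain it. The terminator `{NULL, 0, NULL, 0}` has four initializers where `ENTRY` supplies six; this is valid C, but writing it in the same shape would read more consistently.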
@@ -1011,6 +1024,7 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix,
struct gnutls_x509_policy_st policy;
gnutls_x509_policies_t policies;
const char *name;
+ const struct oid_to_string *entry;
int x;
err = gnutls_x509_policies_init(&policies);
@@ -1050,7 +1064,11 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix,
critical ? _("critical") :
_("not critical"));
- addf(str, "%s\t\t\t%s\n", prefix, policy.oid);
+ entry = _gnutls_oid_get_entry(cp_oid2str, policy.oid);
+ if (entry != NULL && entry->name_desc != NULL)
+ addf(str, "%s\t\t\t%s (%s)\n", prefix, policy.oid, entry->name_desc);
+ else
+ addf(str, "%s\t\t\t%s\n", prefix, policy.oid);
for (j = 0; j < policy.qualifiers; j++) {
if (policy.qualifier[j].type ==
GNUTLS_X509_QUALIFIER_URI)
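Review bot: The new `if`/`else` around the two `addf` calls is unbraced and repeats the format string. Bracing both branches, or printing the OID once and appending ` (%s)` only when a name was found, would keep the two output paths from drifting apart. The label is chosen purely by matching `policy.oid` against the table, so a short comment such as `/* name is a display label for the asserted OID, not a validation result */` would help whoever maintains this printer. Only the anyPolicy entry appears to be exercised by the updated expected output in tests/cert-tests/data/grfc.crt; the four CA/B entries seem to have no test on this page. print_extension starts and ends outside this hunk.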
diff --git a/tests/cert-tests/data/grfc.crt b/tests/cert-tests/data/grfc.crt
index c7af541b5f..5161c9cb79 100644
--- a/tests/cert-tests/data/grfc.crt
+++ b/tests/cert-tests/data/grfc.crt
@@ -39,7 +39,7 @@ X.509 Certificate Information:
Certificate Policies (not critical):
1.2.643.100.113.1
1.2.643.100.113.2
- 2.5.29.32.0
+ 2.5.29.32.0 (anyPolicy)
Signature Algorithm: GOSTR341001
Signature:
bd:95:dd:5f:3a:2b:74:a5:29:62:20:c2:24:a8:8b:a0