diff options
| author | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-05-15 19:10:26 +0000 |
|---|---|---|
| committer | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-05-15 19:10:26 +0000 |
| commit | a9f907be146be0df2cc756c19543ec1d10ccdef9 (patch) | |
| tree | 109838f304d3a9ca71b18d1cb5fa6afbac64c1c5 | |
| parent | 771aeb763c14ab9fe6a2bbfc2cffe45908c5a377 (diff) | |
| parent | 1e780c7705f734522399ba175bb820268a9b1e64 (diff) | |
| download | gnutls-a9f907be146be0df2cc756c19543ec1d10ccdef9.tar.gz | |
Merge branch 'cert-policies' into 'master'
Decode certificate policies OIDs
See merge request gnutls/gnutls!1245
| -rw-r--r-- | lib/x509/output.c | 28 | ||||
| -rw-r--r-- | tests/cert-tests/data/grfc.crt | 6 |
2 files changed, 30 insertions, 4 deletions
diff --git a/lib/x509/output.c b/lib/x509/output.c index 8084b92b29..c8b0c66ddb 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -959,6 +959,27 @@ hexdump: adds(str, "\n"); } +#define ENTRY(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, 0} + +static const struct oid_to_string cp_oid2str[] = { + ENTRY("2.5.29.32.0", "anyPolicy"), + + ENTRY("2.23.140.1.2.1", "CA/B Domain Validated"), + ENTRY("2.23.140.1.2.2", "CA/B Organization Validated"), + ENTRY("2.23.140.1.2.3", "CA/B Individual Validated"), + ENTRY("2.23.140.1.1", "CA/B Extended Validation"), + + /* draft-deremin-rfc4491-bis */ + ENTRY("1.2.643.100.113.1", "Russian security class KC1"), + ENTRY("1.2.643.100.113.2", "Russian security class KC2"), + ENTRY("1.2.643.100.113.3", "Russian security class KC3"), + ENTRY("1.2.643.100.113.4", "Russian security class KB1"), + ENTRY("1.2.643.100.113.5", "Russian security class KB2"), + ENTRY("1.2.643.100.113.6", "Russian security class KA1"), + + {NULL, 0, NULL, 0}, +}; + struct ext_indexes_st { int san; int ian; @@ -1011,6 +1032,7 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, struct gnutls_x509_policy_st policy; gnutls_x509_policies_t policies; const char *name; + const struct oid_to_string *entry; int x; err = gnutls_x509_policies_init(&policies); @@ -1050,7 +1072,11 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, critical ? _("critical") : _("not critical")); - addf(str, "%s\t\t\t%s\n", prefix, policy.oid); + entry = _gnutls_oid_get_entry(cp_oid2str, policy.oid); + if (entry != NULL && entry->name_desc != NULL) + addf(str, "%s\t\t\t%s (%s)\n", prefix, policy.oid, entry->name_desc); + else + addf(str, "%s\t\t\t%s\n", prefix, policy.oid); for (j = 0; j < policy.qualifiers; j++) { if (policy.qualifier[j].type == GNUTLS_X509_QUALIFIER_URI) diff --git a/tests/cert-tests/data/grfc.crt b/tests/cert-tests/data/grfc.crt index c7af541b5f..0b06f778b8 100644 --- a/tests/cert-tests/data/grfc.crt +++ b/tests/cert-tests/data/grfc.crt @@ -37,9 +37,9 @@ X.509 Certificate Information: ASCII: ... Hexdump: 020100 Certificate Policies (not critical): - 1.2.643.100.113.1 - 1.2.643.100.113.2 - 2.5.29.32.0 + 1.2.643.100.113.1 (Russian security class KC1) + 1.2.643.100.113.2 (Russian security class KC2) + 2.5.29.32.0 (anyPolicy) Signature Algorithm: GOSTR341001 Signature: bd:95:dd:5f:3a:2b:74:a5:29:62:20:c2:24:a8:8b:a0 |